passcode_WriteUp(pwnable.kr_passcode)scanf函数不加"&"带来的危险

题目传送门:http://pwnable.kr/play.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
#include <stdio.h>
#include <stdlib.h>

void login(){
int passcode1;
int passcode2;

printf("enter passcode1 : ");
scanf("%d", passcode1);
fflush(stdin);

// ha! mommy told me that 32bit is vulnerable to bruteforcing :)
printf("enter passcode2 : ");
scanf("%d", passcode2);

printf("checking...\n");
if(passcode1==338150 && passcode2==13371337){
printf("Login OK!\n");
system("/bin/cat flag");
}
else{
printf("Login Failed!\n");
exit(0);
}
}

void welcome(){
char name[100];
printf("enter you name : ");
scanf("%100s", name);
printf("Welcome %s!\n", name);
}

int main(){
printf("Toddler's Secure Login System 1.0 beta.\n");

welcome();
login();

// something after login...
printf("Now I can safely trust you that you have credential :)\n");
return 0;
}

可以将源代码,可执行文件以scp -P 2222 passcode@pwnable.kr:/home/passcode/passcode.c passcode.c下载到本地分析

另外,由于我在网上找到了有大佬写过这个,而且写的很全面,觉得自己无需再次搬砖,就把大佬的链接放在这里了:https://blog.csdn.net/smalosnail/article/details/53247502

# CTF, PWN

评论

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×