-
-
看雪CTF2019Q1-第8题
-
发表于:
2019-3-19 00:27
3280
-
checksec trepwn
Arch: amd64-64-little
RELRO: Full RELRO
Stack: Canary found
NX: NX enabled
PIE: PIE enabled
FORTIFY: Enabled
Arch: amd64-64-little
RELRO: Full RELRO
Stack: Canary found
NX: NX enabled
PIE: PIE enabled
FORTIFY: Enabled
程序是go语言静态编译的程序, 使用
IDAGolangHelper识别库函数
c42K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6K6K9h3u0W2j5i4u0K6i4K6u0r3d9f1c8m8c8$3!0D9j5h3&6Y4d9r3g2D9M7r3g2J5
如下坐标系(x,y), 横轴为x, 纵轴为y, 0表示原点(0,0)
1: (5, 0), treasure1
2: (5, 5), treasure2
3: (0, 5), treasure3
4: 下图中的某个*,
treasure4
操作: 上w, 下s, 左a, 右d
3 * * * * 2
* * * * * *
* * * * * *
* * * * * *
* * * * * *
0 * * * * 1
3 * * * * 2
* * * * * *
* * * * * *
* * * * * *
* * * * * *
0 * * * * 1
joke函数中会循环判断当前的位置, 当移动到treasure4附近时, 会将treasure4移到其他地方
不过循环中有time.Sleep(1)
.text:00000000000D82F0 main_Joke
.text:00000000000D82F0 main_Joke
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
