[Original] pwnabletw silver_bullet writeup
Posted on: 2025-4-28 17:26 3856
Reverse engineering shows that the vulnerability in this challenge lies in the strncat call in the power_up function:
int __cdecl power_up(mystruct *dest)
{
  char s[48]; // [esp+0h] [ebp-34h] BYREF
  int v3; // [esp+30h] [ebp-4h]

  v3 = 0;
  memset(s, 0, sizeof(s));
  if ( !dest->str[0] )
    return puts("You need create the bullet first !");
  if ( dest->len > 0x2Fu )
    return puts("You can't power up any more !");
  printf("Give me your another description of bullet :");
  read_input(s, 48 - dest->len);
  strncat(dest->str, s, 48 - dest->len);
  v3 = strlen(s) + dest->len;
  printf("Your new power is : %u\n", v3);
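
Why this strncat call is unsafe, as an added example that is not part of the original post: strncat appends up to n bytes and then always writes a terminating NUL, so a bound of 48 - len leaves no room for it. The struct layout (a 48-byte str directly followed by len) and the names bullet, get_len, set_bullet, power_up_vuln and power_up_fixed are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define STR_SZ 48

/* Assumed layout (not shown on the page): str[48] directly followed by len.
   Modelled as one flat array so the 1-byte spill stays inside the object
   and the demo is well-defined C. Little-endian, like the x86 target. */
typedef struct { unsigned char raw[STR_SZ + sizeof(unsigned)]; } bullet;

static unsigned get_len(const bullet *b) {
    unsigned v;
    memcpy(&v, b->raw + STR_SZ, sizeof v);
    return v;
}

static void set_bullet(bullet *b, unsigned count) {   /* constructed test state */
    memset(b, 0, sizeof *b);
    memset(b->raw, 'A', count);
    memcpy(b->raw + STR_SZ, &count, sizeof count);
}

/* Call pattern from power_up(): bound = 48 - len. When the input fills the
   buffer, the NUL that strncat adds lands on raw[48], the low byte of len. */
static unsigned power_up_vuln(bullet *b, const char *s) {
    strncat((char *)b->raw, s, STR_SZ - get_len(b));
    return (unsigned)strlen(s) + get_len(b);   /* v3: reads the clobbered len */
}

/* Hardened: reserve one byte for the NUL and size the copy before writing. */
static unsigned power_up_fixed(bullet *b, const char *s) {
    unsigned len = get_len(b);
    unsigned add = (unsigned)strlen(s);
    if (len >= STR_SZ - 1) return len;          /* full: nothing is written */
    if (add > STR_SZ - 1 - len) add = STR_SZ - 1 - len;
    memcpy(b->raw + len, s, add);
    b->raw[len + add] = '\0';
    return len + add;
}

int main(void) {
    bullet b;
    set_bullet(&b, 47);
    printf("vulnerable: new power = %u\n", power_up_vuln(&b, "B"));  /* 1, not 48 */
    set_bullet(&b, 47);
    printf("hardened:   new power = %u\n", power_up_fixed(&b, "B")); /* 47 */
    return 0;
}
```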