6.1.11 pwn 9447CTF2015 Search-Engine

Download the files

Reproducing the challenge

  $ file search
  search: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=4f5b70085d957097e91f940f98c0d4cc6fb3343f, stripped
  $ checksec -f search
  RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FORTIFY Fortified Fortifiable  FILE
  Partial RELRO   Canary found      NX enabled    No PIE          No RPATH   No RUNPATH   Yes     1         3            search

This is a 64-bit program with NX and Canary enabled.

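Try it out. As the name suggests, it is a search engine, and the flow is roughly as follows. First, add some sentences to the word index; the words in a sentence are separated by spaces. You can then search for all sentences that contain a given word. When a matching sentence is found, the program prints it and asks whether to delete it.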

  $ ./search
  1: Search with a word
  2: Index a sentence
  3: Quit
  2
  Enter the sentence size:
  10
  Enter the sentence:
  hello aaaa
  Added sentence
  1: Search with a word
  2: Index a sentence
  3: Quit
  2
  Enter the sentence size:
  10
  Enter the sentence:
  hello bbbb
  Added sentence
  1: Search with a word
  2: Index a sentence
  3: Quit
  1
  Enter the word size:
  5
  Enter the word:
  hello
  Found 10: hello bbbb
  Delete this sentence (y/n)?
  y
  Deleted!
  Found 10: hello aaaa
  Delete this sentence (y/n)?
  n
  1: Search with a word
  2: Index a sentence
  3: Quit
  3

From experience, this is a heap exploitation challenge.

Challenge analysis

Exploitation

References