6.1.32 pwn SECCONCTF2017 vm_no_fun

下载文件

题目复现

  1. $ file inception
  2. inception: ELF 64-bit LSB pie executable x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=c36d0c2ef8cae7c5166fa8e3cc30a229f97968c3, stripped
  3. $ checksec -f inception
  4. RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FORTIFY Fortified Fortifiable  FILE
  5. Partial RELRO   Canary found      NX enabled    PIE enabled     No RPATH   No RUNPATH   Yes     0               3       inception
  6. $ strings libc-2.23.so | grep "GNU C"
  7. GNU C Library (Ubuntu GLIBC 2.23-0ubuntu9) stable release version 2.23, by Roland McGrath et al.
  8. Compiled by GNU CC version 5.4.0 20160609.

64 位程序,开启了 canary、NX 和 PIE,默认开启 ASLR。

题目解析

漏洞利用

参考资料