format
[pwn笔记6] heap-zero (phoenix)
heap-zero Copy
/*
* phoenix/heap-zero, by https://exploit.education
*
* Can you hijack flow control, and execute the winner function?
*…
[pwn笔记5]format-three,format-four(phoenix)
这两道似乎没有 x86_64 的解法。 format-three
Copy
/*
* phoenix/format-three, by https://exploit.education
*
* Can you change the "changeme" variable…
[pwn笔记4]format-zero,format-one,format-two(phoenix)
新的章节讲的是利用格式化字符串漏洞的故事。 format-two 全是 x86 的题解,找了半天才在一个评论区里找到如何回避 x86_64 下 \x00 的坑
format-zero
本题源码
Copy
/*
* phoenix/format-zero, by https…