About
2022-10-18
👨‍💻 About
guest@kotori:~$ nc introduction.kotori.com 11451
=====================
wellcome to my blog
=====================
/ $ whoami
ctfer
/ $ cat /etc/about
cat: /etc/about: Permission denied
/ $ exit
guest@kotori:~$ python3 upload_exp.py introduction.kotori.com 11451
[+] Opening connection to introduction.kotori.com on port 11451: Done
[+] Upload: Done
[*] Switching to interactive mode
/ $ /tmp/exp
[*] heap spraying...
[*] trying to find uaf user_key_payload...
[+] found uaf user_key_payload in idx: 27, key_id: 185134585
[+] Partial leak:
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
0000000000000000
ffff8efc01fff480
ffffffffa37d8210
[+] user_free_payload_rcu addr: 0xffffffffa37d8210
[+] kernel_offset: 0x22400000
[+] buffer_recv: 0x7fea45807010
[+] pipe_buffer addr: 0xffff8efc01fa2c00
[+] got root shell
/ # whoami
root
/ # cat /etc/about
ID: kotoriseed
Hobby: Binary Security, YOYO, ACG, Ukulele
noob pwner, trying to do better on binary research.