ctf-writeup-collection/DeasSecCTF-2024/shadow at main · AvavaAYA/ctf-writeup-collection

History

Name		Name	Last commit message	Last commit date
parent directory ..
bin		bin
Dockerfile		Dockerfile
README.md		README.md
docker-compose.yml		docker-compose.yml

README.md

date

challenge

tags

2024-07-29 06:44

shadow

heap

这道题的关键是泄漏堆地址，拿到异或 key 后的堆地址可以进行如下运算还原：

def revese(key):
    key = key ^ ((key >> 12) & 0x000FFF000000)
    key = key ^ ((key >> 12) & 0x000000FFF000)
    key = key ^ ((key >> 12) & 0x000000000FFF)
    return key

解题脚本位于 bin/exp.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

shadow

shadow

README.md

Files

shadow

Directory actions

More options

Directory actions

More options

Latest commit

History

shadow

Folders and files

parent directory

README.md