SYNOPSIS int getdents(unsigned int fd, struct linux_dirent *dirp, unsigned int count); int getdents64(unsigned int fd, struct linux_dirent64 *dirp, unsigned int count);
Note: There are no glibc wrappers for these system calls; see NOTES.
#!/usr/bin/env python3 from Crypto.Util.number import * from tqdm import tqdm
classSolver: def__init__(self, x, n): self.x = x self.n = n self.pq = [(0, 0)]
defadd(self, b, p, q): if p * q <= n and (p | (b - 1)) * (q | (b - 1)) >= n: self.pq.append((p, q))
defsolve(self): for shift in tqdm(range(4095, -1, -1)): b = 1 << shift pq, self.pq = self.pq, [] for p, q in pq: if self.x & b: self.add(b, p | b, q) self.add(b, p, q | b) else: self.add(b, p, q) self.add(b, p | b, q | b) return self.pq[0]
exec(open('flag.enc').read().lower()) solver = Solver(x, n) p, q = solver.solve() r = (p - 1) * (q - 1) d = inverse(e, r) m = pow(c, d, n) print(long_to_bytes(m))
Kernel challs are always a bit painful. No internet access, no SSH, no file copying. You’re stuck with copy pasting base64’d (sometimes static) ELFs. But what if there was another solution? We’ve created a lightweight, simple binary format for your pwning pleasure. It’s time to prove your skills. nc p4fmt.zajebistyc.tf 30002
RELRO STACK CANARY NX PIE RPATH RUNPATH Symbols FORTIFY Fortified Fortifiable FILE Full RELRO No canary found NX enabled PIE enabled No RPATH No RUNPATH 65 Symbols No 0 1 ./hello
pwntools 也有內建一個名字和功能都一樣的指令
1 2 3 4 5
Arch: amd64-64-little RELRO: Full RELRO Stack: No canary found NX: NX enabled PIE: PIE enabled