本次 ACTF 2023,我们星盟 ctf 战队排名第 13。

01 PWN

1. master of orw

题目直接给了任意代码执行,但是 sandbox 禁用了常用的 orw(open|read|write)会用到的系统调用。

```c
__int64 __fastcall main(__int64 a1, char **a2, char **a3)
{
  void *buf; // [rsp+8h] [rbp-8h]

  sub_1209();
  buf = mmap(0LL, 0x1000uLL, 7, 33, -1, 0LL);
  puts("Input your code");
  read(0, buf, 0x400uLL);
  puts("Wish you a good journey");
  sandbox();
  ((void (*)(void))buf)();
  return 0LL;
}
```

程序先用 mmap 申请一块 0x1000 字节、权限为 7(可读、可写、可执行)的内存,从标准输入读入至多 0x400 字节,调用 sandbox() 之后再跳转到这块内存执行。

禁用规则如下(从可见的部分看,是逐个匹配系统调用号的黑名单式过滤;这类黑名单容易遗漏功能等价的系统调用,实际加固时应优先采用白名单):

```
 line  CODE  JT   JF      K
=================================
 0000: 0x20 0x00 0x00 0x00000004  A = arch
 0001: 0x15 0x00 0x19 0xc000003e  if (A != ARCH_X86_64) goto 0027
 0002: 0x20 0x00 0x00 0x00000000  A = sys_number
 0003: 0x35 0x00 0x01 0x40000000  if (A < 0x40000000) goto 0005
 0004: 0x15 0x00 0x16 0xffffffff  if (A != 0xffffffff) goto 0027
 0005: 0x15 0x15 0x00 0x00000000  if (A == read) goto 0027
 0006: 0x15 0x14 0x00 0x00000001  if (A == write) goto 0027
 0007: 0x15 0x13 0x00 0x0000
```
………………………………