1分的题…… #include <stdio.h> #include <stdlib.h> #include <string.h> char buf[32]; int main(int argc, char* argv[], char* envp[]){ if(argc<2){ printf("pass argv[1] a number\n"); return 0; } int fd = atoi( argv[1] ) - 0x1234; int len = 0; len = read(fd, buf, 32); if(!strcmp("LETMEWIN\n", buf)){ printf("good job :)\n"); system("/bin/cat flag"); exit(0); } printf("learn about Linux file IO\n"); return 0; } stdin是fd 0,0x1234是4660。所以 $ echo LETMEWIN | ./fd 4660 Previous ELF segments and sections Next unexploitable FEATURED TAGS HTTP wechall PHP linux sql exploit crypto OverTheWire reverse how-to binary pwnable.kr ksnctf misc android webhacking.kr fuzzing