Skip to content

[LAB7] 512559005 #550

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 14 commits into from
Closed

[LAB7] 512559005 #550

Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
1351019
Merge branch 'SQLab:main' into lab3
soymilk05 Apr 17, 2024
cbfd927
Merge branch 'SQLab:main' into main
soymilk05 Apr 22, 2024
41cc403
add: lab6
YingMuo Apr 24, 2024
9777d36
feat: lab6
YingMuo Apr 24, 2024
110400a
fix: lab6
YingMuo Apr 24, 2024
eae2c35
fix: lab6
YingMuo Apr 24, 2024
2063787
Fix: lab6
YingMuo Apr 24, 2024
a2f55d5
Add: lab7
YingMuo May 1, 2024
56585b1
Fix: lab7
YingMuo May 1, 2024
7a945c9
Fix: lab7, angr not installed
YingMuo May 1, 2024
125dc06
Merge branch 'SQLab:main' into main
soymilk05 May 17, 2024
a979046
6/5
soymilk05 Jun 5, 2024
db4cec9
Merge branch '512559005' into lab7
soymilk05 Jun 12, 2024
08f0dad
Merge branch '512559005' into lab7
TaiYou-TW Jun 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions lab7/sol.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
import angr, sys

def successful(state):
return b"Login successful" in state.posix.dumps(sys.stdout.fuleno())

def fail(state):
return b"Login fauled" in state.posix.dumps(sys.stdout.fuleno())

# 加載二進制文件
proj = angr.Project('./login')

init_state = proj.factory.entry_state()

simulation = proj.factory.simgr(init_state)

simulation.explore(find=successful, avoid=fail)

solution = simulation.found[0]

print(solution.posix.dumps(sys.stdin.fileno()))