
bugku——PWN——overflow2

overflow2

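1. Today I deployed the large model claude locally, and with a single sentence it solved the challenge and got the flag. I was stunned, folks 😱😱😱😱

The challenge is called overflow2 and is a pwn challenge. The download is an archive, pwn5.zip, and an environment was started at nc 160...161 12450

2. Installing the pwn environment locally still threw an error

3. Seeing the error, you would surely think I had not upgraded pip, but I upgraded it and the error persisted
python -m pip install --upgrade pip

4. With no other option, I copied the error straight to the AI. It changed approach on the spot and wrote an exp for me to get the flag

Error when installing the environment locally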
C:\Users\Dell\.claude\skills\ctf-skills\ctf-workspace\overflow2>pip install pwntools
Defaulting to user installation because normal site-packages is not writeable
Collecting pwntools
Using cached pwntools-4.15.0-py2.py3-none-any.whl.metadata (5.3 kB)
Collecting paramiko>=1.15.2 (from pwntools)
Using cached paramiko-5.0.0-py3-none-any.whl.metadata (3.7 kB)
Collecting mako>=1.0.0 (from pwntools)
Using cached mako-1.3.12-py3-none-any.whl.metadata (2.9 kB)
Collecting pyelftools>=0.29 (from pwntools)
Using cached pyelftools-0.32-py3-none-any.whl.metadata (372 bytes)
Collecting capstone>=3.0.5rc2 (from pwntools)
Using cached capstone-6.0.0a7-cp38-abi3-win_amd64.whl.metadata (3.7 kB)
Collecting ropgadget>=5.3 (from pwntools)
Using cached ropgadget-7.7-py3-none-any.whl.metadata (1.0 kB)
Collecting pyserial>=2.7 (from pwntools)
Using cached pyserial-3.5-py2.py3-none-any.whl.metadata (1.6 kB)
Requirement already satisfied: requests>=2.0 in C:\Python314\Lib\site-packages (from pwntools) (2.32.5)
Requirement already satisfied: pip>=6.0.8 in C:\Users\Dell\AppData\Roaming\Python\Python314\site-packages (from pwntools) (26.1.1)
Collecting pygments>=2.0 (from pwntools)
Using cached pygments-2.20.0-py3-none-any.whl.metadata (2.5 kB)
Collecting pysocks (from pwntools)
Using cached PySocks-1.7.1-py3-none-any.whl.metadata (13 kB)
Collecting python-dateutil (from pwntools)
Using cached python_dateutil-2.9.0.post0-py2.py3-none-any.whl.metadata (8.4 kB)
Collecting packaging (from pwntools)
Using cached packaging-26.2-py3-none-any.whl.metadata (3.5 kB)
Collecting psutil>=3.3.0 (from pwntools)
Using cached psutil-7.2.2-cp37-abi3-win_amd64.whl.metadata (22 kB)
Collecting intervaltree>=3.0 (from pwntools)
Using cached intervaltree-3.2.1-py2.py3-none-any.whl.metadata (12 kB)
Collecting sortedcontainers (from pwntools)
Using cached sortedcontainers-2.4.0-py2.py3-none-any.whl.metadata (10 kB)
Collecting unicorn!=2.1.3,!=2.1.4,>=2.0.1 (from pwntools)
Using cached unicorn-2.1.2.tar.gz (2.9 MB)
Installing build dependencies … done
Getting requirements to build wheel … done
Preparing metadata (pyproject.toml) … done
Collecting six>=1.12.0 (from pwntools)
Using cached six-1.17.0-py2.py3-none-any.whl.metadata (1.7 kB)
Collecting rpyc (from pwntools)
Using cached rpyc-6.0.2-py3-none-any.whl.metadata (3.5 kB)
Collecting colored_traceback (from pwntools)
Using cached colored_traceback-0.4.2-py3-none-any.whl.metadata (4.6 kB)
Collecting unix-ar (from pwntools)
Using cached unix_ar-0.2.1-py2.py3-none-any.whl.metadata (1.9 kB)
Collecting zstandard (from pwntools)
Using cached zstandard-0.25.0-cp314-cp314-win_amd64.whl.metadata (3.3 kB)
Collecting MarkupSafe>=0.9.2 (from mako>=1.0.0->pwntools)
Using cached markupsafe-3.0.3-cp314-cp314-win_amd64.whl.metadata (2.8 kB)
Collecting bcrypt>=3.2 (from paramiko>=1.15.2->pwntools)
Using cached bcrypt-5.0.0-cp39-abi3-win_amd64.whl.metadata (10 kB)
Collecting cryptography>=3.3 (from paramiko>=1.15.2->pwntools)
Using cached cryptography-48.0.0-cp311-abi3-win_amd64.whl.metadata (4.3 kB)
Collecting invoke>=2.0 (from paramiko>=1.15.2->pwntools)
Using cached invoke-3.0.3-py3-none-any.whl.metadata (3.2 kB)
Collecting pynacl>=1.5 (from paramiko>=1.15.2->pwntools)
Using cached pynacl-1.6.2-cp38-abi3-win_amd64.whl.metadata (10 kB)
Collecting cffi>=2.0.0 (from cryptography>=3.3->paramiko>=1.15.2->pwntools)
Using cached cffi-2.0.0-cp314-cp314-win_amd64.whl.metadata (2.6 kB)
Collecting pycparser (from cffi>=2.0.0->cryptography>=3.3->paramiko>=1.15.2->pwntools)
Using cached pycparser-3.0-py3-none-any.whl.metadata (8.2 kB)
Requirement already satisfied: charset_normalizer<4,>=2 in C:\Python314\Lib\site-packages (from requests>=2.0->pwntools) (3.4.6)
Requirement already satisfied: idna<4,>=2.5 in C:\Python314\Lib\site-packages (from requests>=2.0->pwntools) (3.11)
Requirement already satisfied: urllib3<3,>=1.21.1 in C:\Python314\Lib\site-packages (from requests>=2.0->pwntools) (2.6.3)
Requirement already satisfied: certifi>=2017.4.17 in C:\Python314\Lib\site-packages (from requests>=2.0->pwntools) (2026.2.25)
Collecting colorama (from colored_traceback->pwntools)
Using cached colorama-0.4.6-py2.py3-none-any.whl.metadata (17 kB)
Collecting plumbum (from rpyc->pwntools)
Using cached plumbum-1.10.0-py3-none-any.whl.metadata (8.4 kB)
Collecting pywin32 (from plumbum->rpyc->pwntools)
Using cached pywin32-311-cp314-cp314-win_amd64.whl.metadata (10 kB)
Using cached pwntools-4.15.0-py2.py3-none-any.whl (12.9 MB)
Using cached capstone-6.0.0a7-cp38-abi3-win_amd64.whl (2.5 MB)
Using cached intervaltree-3.2.1-py2.py3-none-any.whl (25 kB)
Using cached mako-1.3.12-py3-none-any.whl (78 kB)
Using cached markupsafe-3.0.3-cp314-cp314-win_amd64.whl (15 kB)
Using cached paramiko-5.0.0-py3-none-any.whl (208 kB)
Using cached bcrypt-5.0.0-cp39-abi3-win_amd64.whl (150 kB)
Using cached cryptography-48.0.0-cp311-abi3-win_amd64.whl (3.8 MB)
Using cached cffi-2.0.0-cp314-cp314-win_amd64.whl (185 kB)
Using cached invoke-3.0.3-py3-none-any.whl (160 kB)
Using cached psutil-7.2.2-cp37-abi3-win_amd64.whl (137 kB)
Using cached pyelftools-0.32-py3-none-any.whl (188 kB)
Using cached pygments-2.20.0-py3-none-any.whl (1.2 MB)
Using cached pynacl-1.6.2-cp38-abi3-win_amd64.whl (239 kB)
Using cached pyserial-3.5-py2.py3-none-any.whl (90 kB)
Using cached ropgadget-7.7-py3-none-any.whl (32 kB)
Using cached six-1.17.0-py2.py3-none-any.whl (11 kB)
Using cached colored_traceback-0.4.2-py3-none-any.whl (5.5 kB)
Using cached colorama-0.4.6-py2.py3-none-any.whl (25 kB)
Using cached packaging-26.2-py3-none-any.whl (100 kB)
Using cached pycparser-3.0-py3-none-any.whl (48 kB)
Using cached PySocks-1.7.1-py3-none-any.whl (16 kB)
Using cached python_dateutil-2.9.0.post0-py2.py3-none-any.whl (229 kB)
Using cached rpyc-6.0.2-py3-none-any.whl (74 kB)
Using cached plumbum-1.10.0-py3-none-any.whl (127 kB)
Using cached pywin32-311-cp314-cp314-win_amd64.whl (9.7 MB)
Using cached sortedcontainers-2.4.0-py2.py3-none-any.whl (29 kB)
Using cached unix_ar-0.2.1-py2.py3-none-any.whl (6.5 kB)
Using cached zstandard-0.25.0-cp314-cp314-win_amd64.whl (516 kB)
Building wheels for collected packages: unicorn
Building wheel for unicorn (pyproject.toml) … error
error: subprocess-exited-with-error

× Building wheel for unicorn (pyproject.toml) did not run successfully.
│ exit code: 1
╰─> [45 lines of output]
C:\Users\Dell\AppData\Local\Temp\pip-build-env-saudaa48\overlay\Lib\site-packages\setuptools\config\_apply_pyprojecttoml.py:82: SetuptoolsDeprecationWarning: `project.license` as a TOML table is deprecated
!!
********************************************************************************
Please use a simple string containing a SPDX expression for `project.license`. You can also use `project.license-files`. (Both options available on setuptools>=77.0.0).
By 2027-Feb-18, you need to update your project and remove deprecated calls
or your builds will no longer be supported.
See https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license for details.
********************************************************************************
!!
corresp(dist, value, root_dir)
C:\Users\Dell\AppData\Local\Temp\pip-build-env-saudaa48\overlay\Lib\site-packages\setuptools\config\_apply_pyprojecttoml.py:61: SetuptoolsDeprecationWarning: License classifiers are deprecated.
!!
********************************************************************************
Please consider removing the following classifiers in favor of a SPDX license expression:
License :: OSI Approved :: BSD License
See https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license for details.
********************************************************************************
!!
dist._finalize_license_expression()
C:\Users\Dell\AppData\Local\Temp\pip-build-env-saudaa48\overlay\Lib\site-packages\setuptools\dist.py:765: SetuptoolsDeprecationWarning: License classifiers are deprecated.
!!
********************************************************************************
Please consider removing the following classifiers in favor of a SPDX license expression:
License :: OSI Approved :: BSD License
See https://packaging.python.org/en/latest/guides/writing-pyproject-toml/#license for details.
********************************************************************************
!!
self._finalize_license_expression()
running bdist_wheel
running build
running build_py
Building C extensions
error: [WinError 2] 系统找不到指定的文件。
[end of output]

note: This error originates from a subprocess, and is likely not a problem with pip.
ERROR: Failed building wheel for unicorn
Failed to build unicorn
error: failed-wheel-build-for-install

× Failed to build installable wheels for some pyproject.toml based projects
╰─> unicorn

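5. It changed the approach for me outright

6. I ran the exp it gave me directly and got the flag straight away

7. Submitted successfully

8. Honestly, to you this may seem to have no technical content at all. Experts, please go easy on me; it was all thanks to AI.
We think about problems standing on the shoulders of the experts, and we thank those who came before for their hard work, which made today's efficient output possible.

9. Observant readers may have already noticed that I used a skill, which is where the exaggerated speed came from. The main point is to share the skill; there are many online, so I won't go into detail here. What matters most is protecting our local environment from harm, so here is my SKILL.md file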


name: secure-ctf-assistant
description: Windows安全受限的CTF分析助手。只读+沙箱隔离,禁止删除/修改本地文件。
allowed-tools: Read, Grep, Write(%TEMP%\ctf-workspace**)


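Security Constitution (mandatory)

1. File system isolation

  • Only working directory: %TEMP%\ctf-workspace\
  • Paths that must not be accessed:
    • C:\Windows\
    • C:\Program Files\
    • C:\Users\
    • C:\Documents and Settings\
    • D:\ and the root directory of any other drive
  • Forbidden operations: deleting, modifying, moving or renaming any file under the paths above

2. Command restrictions

  • Allowed: dir, type, findstr, python
  • Forbidden:
    • del, rmdir, erase
    • move, rename, copy (out of the workspace)
    • curl, wget, powershell
    • start, cmd /c
    • any command execution chained after a pipe

3. Code execution restrictions

  • Generated Python scripts must not use: os.system, subprocess, eval, exec, __import__
  • Scripts may only operate on files inside %TEMP%\ctf-workspace\

4. Response to violations

  • On detecting a request that violates the policy → reply: “安全策略禁止,无法执行” ("Forbidden by security policy; cannot execute")

Workflow

  1. After the user uploads a file, analyze it in %TEMP%\ctf-workspace\
  2. Write the analysis log to %TEMP%\ctf-workspace\analysis.log
  3. Output the results to the terminal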
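
The pip log above shows that %TEMP% on this machine is C:\Users\Dell\AppData\Local\Temp, so the only allowed working directory sits inside the forbidden C:\Users\ root, and a path check has to test the workspace first and deny everything else. The following is an added example, not part of the original SKILL.md; `canonical`, `hits_denylist` and `decide` are hypothetical names, and the TEMP value is assumed from that log.

```python
import ntpath
from pathlib import PureWindowsPath

# Assumption: %TEMP% expands as it does in the pip log on this page.
TEMP = r"C:\Users\Dell\AppData\Local\Temp"
WORKSPACE = PureWindowsPath(TEMP, "ctf-workspace")
# Forbidden roots from section 1 of the SKILL.md (drive roots other than
# C: are covered by the default deny in decide()).
DENIED = [PureWindowsPath(p) for p in (
    r"C:\Windows", r"C:\Program Files", r"C:\Users",
    r"C:\Documents and Settings")]


def canonical(path: str) -> PureWindowsPath:
    """Expand %TEMP% and collapse '.' and '..' lexically (no link lookup)."""
    return PureWindowsPath(ntpath.normpath(path.replace("%TEMP%", TEMP)))


def hits_denylist(path: str) -> bool:
    """True if the path falls under one of the listed forbidden roots."""
    p = canonical(path)
    return any(p.is_relative_to(root) for root in DENIED)


def decide(path: str) -> str:
    """Allow only absolute paths inside the workspace; deny all else."""
    p = canonical(path)
    if p.is_absolute() and p.is_relative_to(WORKSPACE):
        return "allow"  # checked before any denylist: it lies under C:\Users
    return "deny"       # relative paths, traversal results, other drives
```

Lexical normalization does not follow junctions or symlinks; on a real Windows host, resolve the path (for example with `os.path.realpath`) before the containment check.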

10. Just place it under the skill folder; note that the file name is case-sensitive: SKILL.md
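
The rules in SKILL.md are instructions to the model, not an enforced control. As an added example (not part of the original post or the skill), the following Python check parses a generated script and reports the constructs that section 3 forbids before the script is run; `find_violations` and the sample script are constructed for illustration.

```python
import ast

# Constructs that section 3 of the SKILL.md forbids in generated scripts.
FORBIDDEN_NAMES = {"eval", "exec", "__import__"}
FORBIDDEN_MODULES = {"subprocess"}
FORBIDDEN_ATTRS = {("os", "system")}

# Constructed sample of a generated script (not from the page).
SAMPLE = '''\
import os as o
from subprocess import run
data = open("analysis.log").read()
o.system("dir")
f = eval
'''


def find_violations(source: str) -> list[tuple[int, str]]:
    """Return sorted (line, construct) pairs for forbidden constructs."""
    tree = ast.parse(source)
    aliases = {}  # local name -> imported module, e.g. {"o": "os"}
    hits = []
    for node in ast.walk(tree):  # pass 1: imports and their aliases
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                aliases[a.asname or root] = a.name if a.asname else root
                if root in FORBIDDEN_MODULES:
                    hits.append((node.lineno, f"import {a.name}"))
        elif isinstance(node, ast.ImportFrom):
            mod = (node.module or "").split(".")[0]
            for a in node.names:
                if mod in FORBIDDEN_MODULES or (mod, a.name) in FORBIDDEN_ATTRS:
                    hits.append((node.lineno, f"from {mod} import {a.name}"))
    for node in ast.walk(tree):  # pass 2: uses of forbidden names
        if isinstance(node, ast.Name) and node.id in FORBIDDEN_NAMES:
            hits.append((node.lineno, node.id))
        elif (isinstance(node, ast.Attribute)
              and isinstance(node.value, ast.Name)
              and (aliases.get(node.value.id), node.attr) in FORBIDDEN_ATTRS):
            hits.append((node.lineno, f"os.{node.attr}"))
    return sorted(hits)
```

A name denylist can be sidestepped through dynamic attribute lookup, so treat a clean result as necessary rather than sufficient and run generated scripts under OS-level isolation as well.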
