摘要：~~~python from pwn import g_local = True ROP_SIZE = 20 LEAVE_RETN = 0x0804851D BUFFER = 0x804AE50 NEXT_ROP = BUFFER ROP_SIZE READ_ADDR = 0x080483A0 ST 阅读全文

摘要：ubuntu 1404 ~~~shell 105 tar jxvf glibc 2.23.tar.bz2 glibc 2.23/ 106 cd glibc 2.23/ 107 mkdir build 108 cd build/ 109 110 sudo apt get install gawk 11 阅读全文

摘要：pwn加载题目给定的so ~~~python from pwn import import sys, os def change_ld(binary, ld): """ Force to use assigned new ld.so by changing the binary """ if not 阅读全文

摘要：pwntools中gdb使用 下断后请加 debug() r.send(payload) r.interactive() ~~~python def debug(addr = '0x080485B8'): raw_input('debug:') gdb.attach(r, "b " + addr) 阅读全文

摘要：gdb给aslr程序下断 即在内存中不断leak 最后比对文件头，找到模块基址 ~~~python from pwn import import sys, os import re wordSz = 4 hwordSz = 2 bits = 32 PIE = 0 mypid=0 context(ar 阅读全文