defleak(address): count = 0 data = "" payload = xxx sh.send(payload) print sh.recvuntil("xxx\n") #一定要在puts前释放完输出 up = "" whileTrue: c = sh.recv(1) count += 1 if up == '\n'and c == "x": #一定要找到泄漏信息的字符串特征 data = buf[:-1] data += "\x00" break else: buf += c up = c data = buf[:4] log.info("%#x => %s" % (address, (data or'').encode('hex'))) return data