
# RCTF2018 cpushop crypto
from pwn import *
import commands
import hashpumpy
# Open the connection to the challenge service.
conn = remote('cpushop.2018.teamrois.cn', 43000)
# Send the two inputs '2' and '9' in order; what they select is decided by the
# remote service and is not visible in this excerpt.
for menu_input in ('2', '9'):
    conn.sendline(menu_input)
# Discard output up to and including the 'Your order:' line so the next read
# starts at the order data.
conn.recvuntil('Your order:\n')
#!/usr/bin/env python
# RCTF 2018 babyheap pwn
from pwn import *
# Helper windows (e.g. an attached debugger) open as a horizontal tmux split.
# Alternative kept from the author: ['tmux', 'new-window'] opens a new window.
context.terminal = ['tmux', 'splitw', '-h']
# libc = ELF('./libc.so.6')  # libc loading is left disabled here
elf = ELF('./babyheap')
# The architecture is read from the loaded binary rather than hard-coded.
context.os = 'linux'
context.arch = elf.arch
#!/usr/bin/env python
# RCTF 2018 RNote4
from pwn import *
# Helper windows (e.g. an attached debugger) open as a horizontal tmux split.
# Alternative kept from the author: ['tmux', 'new-window'] opens a new window.
context.terminal = ['tmux', 'splitw', '-h']
# libc = ELF('')  # placeholder: no libc path was filled in
elf = ELF('./RNote4')
# The architecture is read from the loaded binary rather than hard-coded.
context.os = 'linux'
context.arch = elf.arch
#!/usr/bin/env python
# RCTF 2018 stringer pwn
from pwn import *
# Helper windows (e.g. an attached debugger) open as a horizontal tmux split.
# Alternative kept from the author: ['tmux', 'new-window'] opens a new window.
context.terminal = ['tmux', 'splitw', '-h']
# libc = ELF('')  # placeholder: no libc path was filled in
elf = ELF('./stringer')
# The architecture is read from the loaded binary rather than hard-coded.
context.os = 'linux'
context.arch = elf.arch
hama7230 / exploit.py
Created May 27, 2018 04:04
SECCON BeginnersCTF 2018 BBS
#!/usr/bin/env python
from pwn import *
# Helper windows (e.g. an attached debugger) open as a horizontal tmux split.
# Alternative kept from the author: ['tmux', 'new-window'] opens a new window.
context.terminal = ['tmux', 'splitw', '-h']
# libc = ELF('')  # placeholder: no libc path was filled in
elf = ELF('./bbs_3e897818670a0db55eaed8109b6a73f0e03d54e7')
# The architecture is read from the loaded binary rather than hard-coded.
context.os = 'linux'
context.arch = elf.arch
# Verbose logging is switched on for this script.
context.log_level = 'debug'
hama7230 / exploit.py
Created May 27, 2018 04:05
SECCON BeginnersCTF 2018 Seczon
#!/usr/bin/env python
from pwn import *
from libformatstr import FormatStr
# Helper windows (e.g. an attached debugger) open as a horizontal tmux split.
# Alternative kept from the author: ['tmux', 'new-window'] opens a new window.
context.terminal = ['tmux', 'splitw', '-h']
# Both the bundled libc and the target binary are loaded from the working directory.
libc = ELF('./libc-2.23.so')
elf = ELF('./seczon')
# The architecture is read from the loaded binary rather than hard-coded.
context.os = 'linux'
context.arch = elf.arch
hama7230 / solve.py
Created May 27, 2018 04:06
SECCON BeginnersCTF 2018 てけいさん
from pwn import *
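import ast
import numbers
import operator

# Operators the solver is willing to evaluate. '**' is left out on purpose:
# an expression such as a tower of exponents would stall the solver.
# NOTE(review): this set assumes the stages only use + - * / // % -- confirm
# against the service and extend it if a stage is rejected.
_BINARY_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: lambda a, b: a / b,  # same '/' semantics eval() had on this interpreter
    ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


def _safe_arith(expr):
    """Evaluate a plain arithmetic expression without executing code.

    The text is parsed into an AST and only numeric literals, parentheses and
    the whitelisted operators are accepted, so names, calls, attribute access
    and every other construct that eval() would run are refused.

    Args:
        expr: the expression as str or bytes.

    Returns:
        The numeric value of the expression.

    Raises:
        SyntaxError: if the text is not a valid expression (as eval() did).
        ValueError: if the expression contains anything outside the whitelist.
    """
    if isinstance(expr, bytes):
        expr = expr.decode('ascii')

    def _walk(node):
        if isinstance(node, ast.BinOp) and type(node.op) in _BINARY_OPS:
            return _BINARY_OPS[type(node.op)](_walk(node.left), _walk(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
            return _UNARY_OPS[type(node.op)](_walk(node.operand))
        # Leaves must be numeric literals; literal_eval never runs code and
        # rejects names and calls outright.
        try:
            value = ast.literal_eval(node)
        except (ValueError, TypeError):
            raise ValueError('unsupported expression from server: %r' % (expr,))
        if isinstance(value, bool) or not isinstance(value, numbers.Real):
            raise ValueError('unsupported expression from server: %r' % (expr,))
        return value

    return _walk(ast.parse(expr, mode='eval').body)


conn = remote('tekeisan-ekusutoriim.chall.beginners.seccon.jp', 8690)
conn.recvuntil(' see you.')
for i in range(1, 101):
    conn.recvuntil('(Stage.%d)\n'%i)
    # Everything up to '=' is the expression for this stage. It is supplied by
    # the remote side, so it is treated as data and never handed to eval():
    # eval() on network input lets whoever controls the server run arbitrary
    # Python on the machine running this solver.
    buf = conn.recvuntil('=')[:-1].strip()
    conn.sendline(str(_safe_arith(buf)))
conn.interactive()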
hama7230 / exploit.py
Created June 1, 2018 17:44
0CTF/TCTF 2018 Finals freenote2018 pwn
from pwn import *
# Helper windows (e.g. an attached debugger) open as a horizontal tmux split.
# Alternative kept from the author: ['tmux', 'new-window'] opens a new window.
context.terminal = ['tmux', 'splitw', '-h']
# libc = ELF('./libc-2.23.so')  # libc loading is left disabled here
elf = ELF('./freenote2018')
# The architecture is read from the loaded binary rather than hard-coded.
context.os = 'linux'
context.arch = elf.arch
# context.log_level = 'debug'  # uncomment for verbose logging
hama7230 / exploit.py
Created June 1, 2018 17:51
0CTF/TCTF 2018 Finals Baby Heap 18.04 pwn
#!/usr/bin/env python
from pwn import *
# Helper windows (e.g. an attached debugger) open as a horizontal tmux split.
# Alternative kept from the author: ['tmux', 'new-window'] opens a new window.
context.terminal = ['tmux', 'splitw', '-h']
# libc = ELF('')  # placeholder: no libc path was filled in
elf = ELF('./babyheap1804')
# The architecture is read from the loaded binary rather than hard-coded.
context.os = 'linux'
context.arch = elf.arch
# Verbose logging is switched on for this script.
context.log_level = 'debug'
hama7230 / exploit.js
Created June 8, 2018 15:01
Blaze CTF 2018 blazefox pwn (Note: only js shell)
// https://pastebin.com/gtJA92j8
function ua2d(x) {
    // x: two-element array-like of 32-bit words. x[0] is stored second and
    // x[1] first, so on a little-endian host x[0] supplies the upper half of
    // the resulting double and x[1] the lower half.
    var swapped = [x[1], x[0]];
    var words = new Uint32Array(swapped);
    // Reinterpret the same 8 bytes as one IEEE-754 double.
    var asDouble = new Float64Array(words.buffer);
    return asDouble[0];
}
function u2d(x) {
    // Split the numeric value into the part above 2^32 and the remainder
    // below it, then let ua2d reinterpret the pair as a double. The quotient
    // is fractional in general; the Uint32Array inside ua2d truncates it.
    var upper = x / 0x100000000;
    var lower = x % 0x100000000;
    return ua2d([upper, lower]);
}
// Four-byte typed array holding 1, 2, 3, 4. How it is used is not visible in
// this excerpt ("gomi" is Japanese for "junk") -- presumably a throwaway
// object; confirm against the full script.
var gomi = new Uint8Array([1,2,3,4]);