First, it checks whether the first argument equals a specific value:
Next, use pwntools to solve its one thousand math problems. exploit.py:
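```python
from pwn import *

r = process('./pwntools')

# Pass the first check by sending the expected value as a packed 32-bit integer
r.sendlineafter(b':)', p32(0x79487ff))
r.recvuntil(b'.')

count = 1
for i in range(1000):
    # Everything up to '?' is the question; keep only the expression left of '='
    q = r.recvuntil(b'?').decode().split('=')[0].strip()
    # eval() runs whatever the binary prints; acceptable only for a trusted local challenge binary
    a = str(eval(q))
    print(f"{count}: {q} = {a}")
    r.sendline(a.encode())  # send bytes, not str
    count += 1

r.interactive()
```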
result:
```
988: 9203 * 20282 = 186655246
989: 19822 + 22058 = 41880
990: 38646 - 12687 = 25959
991: 20506 * 5162 = 105851972
992: 39428 - 8646 = 30782
993: 1659 - 19180 = -17521
994: 37476 * 13886 = 520391736
995: 7168 * 38433 = 275487744
996: 17943 + 38791 = 56734
997: 39312 + 13976 = 53288
998: 4194 * 19531 = 81913014
999: 4477 - 39353 = -34876
1000: 779 + 34351 = 35130
[*] Switching to interactive mode
Welcome hacker!
$ cat flag
BreakAllCTF{Scr1pting_skill_is_important_for_a_hacker}
```
Pwned !!!
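
The `eval(q)` call in exploit.py executes any Python expression the target prints, so against a service you do not control it gives the other side code execution on your own machine. The block below is an added example, not part of the original write-up: an evaluator that accepts only integer `+`, `-` and `*`, the operators visible in the output above. `safe_eval`, `answer` and `MAX_LEN` are hypothetical names, and the `a op b = ?` prompt shape is assumed from the script's parsing.

```python
import ast
import operator

# Operators that appear in the challenge output on this page: +, -, *
_ALLOWED_BINOPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
}
MAX_LEN = 64  # assumption: questions are short, e.g. "9203 * 20282"


def _eval_node(node):
    """Evaluate one AST node, rejecting everything except integer arithmetic."""
    # type(...) is int also rejects True/False, which are Constant nodes too
    if isinstance(node, ast.Constant) and type(node.value) is int:
        return node.value
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return -_eval_node(node.operand)
    if isinstance(node, ast.BinOp) and type(node.op) in _ALLOWED_BINOPS:
        func = _ALLOWED_BINOPS[type(node.op)]
        return func(_eval_node(node.left), _eval_node(node.right))
    # Calls, names, attributes, **, subscripts, ... all end up here
    raise ValueError(f"disallowed expression element: {type(node).__name__}")


def safe_eval(expr: str) -> int:
    """Parse expr without executing it, then evaluate only whitelisted nodes."""
    expr = expr.strip()
    if not expr or len(expr) > MAX_LEN:
        raise ValueError("empty or oversized expression")
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise ValueError("not an arithmetic expression") from exc
    return _eval_node(tree.body)


def answer(raw: bytes) -> bytes:
    """Turn a raw prompt such as b'9203 * 20282 = ?' into the reply line."""
    # Non-ASCII bytes raise UnicodeDecodeError, a subclass of ValueError
    question = raw.decode("ascii").split("=")[0]
    return str(safe_eval(question)).encode()
```

In exploit.py, `r.sendline(answer(r.recvuntil(b'?')))` takes the place of the `eval` and `sendline` lines.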