A function to find the return-address offset in CTF challenges with simple buffer overflows; it works with both 32-bit and 64-bit binaries.
#!/usr/bin/env python3 | |
from pwn import * | |
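def find_ra(proc: process, buf_size: int = 1000) -> int:
    """Find the offset of the return address on the stack.

    Sends a cyclic (de Bruijn) pattern of ``buf_size`` bytes to ``proc``,
    waits for the process to exit, and looks the faulting address up in
    the pattern. The core file is deleted once it has been read.

    Args:
        proc: The running target (a pwntools ``process``) that reads the
            payload from stdin.
        buf_size: The size of the payload in bytes.

    Returns:
        The offset of the return address on the stack.

    Raises:
        RuntimeError: If no core file was produced, or the faulting
            address does not occur in the pattern (the crash was not a
            simple overwrite of the return address).
    """
    payload = cyclic(buf_size, n=context.bytes)
    proc.sendline(payload)
    proc.wait()

    # Bind the core file once: ``proc.corefile`` is a property that
    # locates and parses the dump on every access, and it yields None
    # when no dump can be found.
    core = proc.corefile
    if core is None:
        raise RuntimeError('No core file found for the target process')

    addr = core.fault_addr
    offset = cyclic_find(addr, n=context.bytes)
    # Remove the dump before deciding the outcome so a failed lookup
    # does not leave it behind.
    os.remove(core.path)

    # cyclic_find returns -1 when the value is not part of the pattern.
    if offset < 0:
        raise RuntimeError(f'Fault address {addr:#x} is not in the cyclic pattern')

    log.info(f'Found return address at offset {offset}')
    return offset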
# Usage example
# Load the target first: find_ra() reads context.bytes to size the
# cyclic pattern, and that value comes from the binary set on context.
elf = ELF('./callme', checksec=False)
context.binary = elf

# Spawn the binary and feed it the pattern.
io = elf.process()
find_ra(io)