k4lizen · July 20, 2024 07:26
diff --git a/exploit.py b/exploit.py
 #!/usr/bin/env python
 from pwn import *

 HOST = "example.com"
 PORT = 1337
 using_aslr = False

 exe = context.binary = ELF('./chal', checksec=False)
 # libc = ELF('./libc.so.6', checksec=False)
 # ld = ELF('./ld-linux-x86-64.so.2', checksec=False)
 context.terminal = "kitty @ launch --location=before --cwd=current --bias=65".split()
 context.log_level = 'debug'
 context.encoding = 'ascii'

 def start(argv=[], *a, **kw):
    if args.GDB or args.DBG:
        return gdb.debug([exe.path], gdbinit, aslr=using_aslr, *a, **kw)
    elif args.REMOTE:
        return remote(os.environ.get("HOST", HOST), int(os.environ.get("PORT", PORT)))
    elif args.DOCKER:
        return remote("localhost", 1337)
    return process([exe.path], aslr=using_aslr, *a, **kw)
 # template end

 gdbinit = '''
 break main
 '''.format(**locals())

 p = start()

 p.interactive()
 p.close()
	#!/usr/bin/env python
	from pwn import *

	HOST = "example.com"
	PORT = 1337
	using_aslr = False

	exe = context.binary = ELF('./chal', checksec=False)
	# libc = ELF('./libc.so.6', checksec=False)
	# ld = ELF('./ld-linux-x86-64.so.2', checksec=False)
	context.terminal = "kitty @ launch --location=before --cwd=current --bias=65".split()
	context.log_level = 'debug'
	context.encoding = 'ascii'

	def start(argv=[], a, *kw):
	if args.GDB or args.DBG:
	return gdb.debug([exe.path], gdbinit, aslr=using_aslr, a, *kw)
	elif args.REMOTE:
	return remote(os.environ.get("HOST", HOST), int(os.environ.get("PORT", PORT)))
	elif args.DOCKER:
	return remote("localhost", 1337)
	return process([exe.path], aslr=using_aslr, a, *kw)
	# template end

	gdbinit = '''
	break main
	'''.format(**locals())

	p = start()

	p.interactive()
	p.close()