zhouat opened 7 years ago
ropper -f level2_x64 --search "pop|edi|ret"
L2R [1] edi [2] esi [3] rdx [4] rcx [5] r8 [6] r9
R2L [7]...
ROPgadget --binary pwn2 --ropchain
p32(0x080483e4).encode('hex').decode('hex')
ref: https://github.com/CTF-Thanos/ctf-writeups/tree/master/2016/429ctf/pwn/pwn2
pwntool socket
pop shell
Tools:
JPK (JPocketKnife)
Stegsolve
asm(arch='arm')
sudo apt-get install gcc-arm-linux-gnueabihf