pwntools-level-1.1

Sangharsha

Challenge Objective:

This level requires you to read the bypass_me function in the challenge and use pwntools to complete the challenge. You need to use Python string concatenation and the p64, p32, p16, p8 APIs from pwntools to write an exploit script, send a specific input to bypass the check, and read the /flag.

Core Logic Code:

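if (buf[0] != 'p' || buf[1] != 0x15)    /* check 1: bytes 0 and 1 (failure branch not shown) */
memcpy(&num, buf + 2, 4);               /* bytes 2-5 are copied into num */
if (num != 123456789)                   /* check 2: the 4-byte integer (failure branch not shown) */
strncmp(buf + 6, "Bypass Me:)", 11)     /* check 3: 11 bytes starting at offset 6 */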

To solve this, we concatenate the required bytes so that each one lands at the offset its check reads from. The table below shows the layout:

| Offset | Bytes | Purpose | Code |
|--------|-------|---------|------|
| 0 | 0x70 (ASCII 'p') | buf[0] == 'p' | b'p' |
| 1 | 0x15 | buf[1] == 0x15 | p8(0x15) |
| 2-5 | 0x15, 0xCD, 0x5B, 0x07 | 123456789 as 4-byte LE int | p32(123456789) |
| 6-16 | "Bypass Me:)" | exact match | b'Bypass Me:)' |
| 17+ | nulls | rest of buffer (safe padding) | ljust(100, b'\x00') |

Solution Code:

from pwn import *

context(arch='amd64', os='linux', log_level='debug')
p = process('/challenge/pwntools-tutorials-level1.1')

payload  = b''
payload += b'p'                      # buf[0]
payload += p8(0x15)                  # buf[1]
payload += p32(123456789)           # buf[2–5]
payload += b'Bypass Me:)'           # buf[6–16]
payload = payload.ljust(100, b'\x00')

# Send the payload
p.sendline(payload)

# Receive the response
output = p.recvall()
print(f"flag is: {output.decode(errors='ignore').strip()}")
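To check the byte layout from the table without the challenge binary, the sketch below models the three checks from the excerpt in Python and uses `struct` in place of pwntools' `p8`/`p32`. It is an added example, not part of the original write-up or the challenge; `build_payload`, `first_failed_check` and the zero-filled buffer are assumptions made for illustration.

```python
import struct

MAGIC = 123456789        # value compared against num in the excerpt
TAG = b"Bypass Me:)"     # the 11 bytes compared by strncmp


def build_payload(total_len=100):
    """Place each field at its offset from the table, then pad with NULs."""
    payload = b"p"                         # offset 0
    payload += struct.pack("<B", 0x15)     # offset 1, same byte as p8(0x15)
    payload += struct.pack("<I", MAGIC)    # offsets 2-5, same bytes as p32(MAGIC)
    payload += TAG                         # offsets 6-16
    return payload.ljust(total_len, b"\x00")


def first_failed_check(buf):
    """Model of the three checks (hypothetical helper, not the challenge code).

    Returns 0 when every check passes, otherwise the number (1-3) of the
    first check that rejects the buffer.
    """
    # Assumption: bytes the program never received read as zero.
    buf = buf.ljust(17, b"\x00")
    if buf[0:1] != b"p" or buf[1] != 0x15:
        return 1
    # memcpy into an int on little-endian amd64 is a "<I" unpack.
    (num,) = struct.unpack_from("<I", buf, 2)
    if num != MAGIC:
        return 2
    # strncmp(..., 11) against a NUL-free string is an 11-byte comparison.
    if buf[6:17] != TAG:
        return 3
    return 0


if __name__ == "__main__":
    good = build_payload()
    # Constructed counter-example: same number packed big-endian.
    wrong_endian = b"p\x15" + struct.pack(">I", MAGIC) + TAG
    print(" ".join(f"{b:02x}" for b in good[:17]))
    print("little-endian payload, first failed check:", first_failed_check(good))
    print("big-endian payload, first failed check:", first_failed_check(wrong_endian))
```
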

Note:

  • I prejudged the padding and failed to get the flag on the first attempt, which was:
payload  = b''
payload += b'p'                      # buf[0]
payload += p8(0x15)                  # buf[1]
payload += p32(123456789)           # buf[2–5]
payload += b'Bypass Me:)'           # buf[6–16]

p.sendline(payload)
flag = p.recvline()
print(f"flag is: {flag.decode().strip()}")

Here I messed up by sending only 17 bytes, but the program was taking up to 100 bytes, so I was not getting the flag.

  • I learned to make a table using markdown

Flag:
