Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import sys
- import time
- from pwn import *
- env = {
- "LD_PRELOAD": "./libc_64.so.6"
- }
- glibc=ELF("./libc_64.so.6")
- context(os='linux', arch='i386', log_level='debug')
- GDB = 0
- listBp=[
- #0xE74,
- #0xF7A,
- #0xCD8,
- ]
- def createGDBScript(listBp,pie=False):
- script =""
- for a in listBp:
- if (pie):
- script+="b * "+str(hex(a+0x555555554000))+"\n"
- else :
- script+="b * "+str(hex(a))+"\n"
- script+="c\n"
- return script
- if len(sys.argv) >1:
- flag=1
- r = remote("chall.pwnable.tw", 10203)
- else:
- flag=0
- r = process("./secretgarden",aslr=False)
- if (GDB):
- gdb.attach(r,gdbscript=createGDBScript(listBp,pie=True))
- def main():
- r.interactive()
- if __name__ == "__main__":
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement