
added exploit.py (from https://radboudinstituteof.pwning.nl/posts/how2pwn/)

valdtaniem 10 hours ago
parent
commit
297d3090f3
1 changed files with 55 additions and 0 deletions
  1. 55 0
      exploit.py

+ 55 - 0
exploit.py

@@ -0,0 +1,55 @@
+#!/usr/bin/env python3
+
+from pwn import *
+import subprocess
+
+
+def start(argv=[], *a, **kw):
+    if args.GDB:  # Set GDBscript below
+        return gdb.debug([exe] + argv, gdbscript=gdbscript, *a, **kw)
+    elif args.REMOTE:  # ('server', 'port')
+        return remote(sys.argv[1], sys.argv[2], *a, **kw)
+    else:  # Run locally
+        return process([exe] + argv, *a, **kw)
+
+
+"""
+notes:
+
+"""
+
+gdbscript = ""
+
+breakpoints = [
+    #    'breakrva 0xoffset',
+    "continue"
+]
+
+for s in breakpoints:
+    gdbscript += s + "\n"
+
+
+exe = "./vuln"
+elf = context.binary = ELF(exe, checksec=False)
+# context.log_level = 'info' # use DEBUG in args for debugging. LOG_LEVEL=warn/info/error for anything else
+
+"""
+if args.REMOTE:
+    libc = ELF('./libc.so.6', checksec=False)
+else:
+    libc = ELF('/usr/lib/x86_64-linux-gnu/libc.so.6', checksec=False)
+"""
+
+# ===========================================================
+#                    EXPLOIT GOES HERE
+# ===========================================================
+offset = 0
+
+io = start()
+
+payload = flat({offset: []})
+
+
+io.sendlineafter(b">", payload)
+
+io.interactive()
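Review bot: `start` at the top of the hunk uses a mutable default argument, `argv=[]`; it is only concatenated here so nothing leaks today, but the idiom is a known footgun, and `def start(argv=None, *a, **kw):` followed by `argv = [] if argv is None else argv` is the safer form. `subprocess` is imported but never used, and `sys` is not imported explicitly — it presumably arrives via `from pwn import *`, which is worth confirming or making explicit with `import sys`. The REMOTE branch indexes `sys.argv[1]` and `sys.argv[2]` unguarded, so running with `REMOTE` set and no host/port fails with an IndexError rather than a usage message; a short `if len(sys.argv) < 3:` check with a clear error would help.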