from pwn import *
# Script configuration: path of the target ELF that the __main__ block loads and spawns.
settings = dict(
    binary="./lab8B",
)
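def exploit():
    """Drive lab8B through one "enter data" round, then pause for a debugger.

    Uses the module-level tube ``p`` created in the ``__main__`` block.
    Selects menu command 1, picks vector 1 and fills its nine fields (a..i)
    with small placeholder values, prints the target's PID and waits so gdb
    can be attached from another console, then sends the quit command.

    All payloads are bytes literals: tubes carry bytes, and pwntools on
    Python 3 only accepts ``str`` by guessing an encoding and emitting a
    BytesWarning. Bytes literals are also valid on Python 2.

    Returns:
        0 after the quit command was sent and pending output was read.
    """
    p.sendlineafter(b"I COMMAND YOU TO ENTER YOUR COMMAND: ", b"1")  # Command 1 - Enter data
    p.sendline(b"1")  # Vector number - 1

    # One input line per member of vector 1; types as noted by the original author.
    v1_fields = (
        b"A",  # v1.a - the char
        b"2",  # v1.b - signed short int
        b"3",  # v1.c - unsigned short int
        b"4",  # v1.d - signed int
        b"5",  # v1.e - unsigned int
        b"6",  # v1.f - signed long int
        b"7",  # v1.g - unsigned long int
        b"8",  # v1.h - signed long long
        b"9",  # v1.i - unsigned long long
    )
    for value in v1_fields:
        p.sendline(value)

    # Print the PID and pause so gdb can be attached from another console.
    # Attaching as the same unprivileged user needs kernel.yama.ptrace_scope=0;
    # otherwise attach through pwnlib.gdb or as root. ptrace_scope is a
    # host-wide hardening setting, so only lower it on a disposable lab VM and
    # restore it afterwards.
    print("PID: "+str(pidof(p)))
    pause()

    p.sendline(b"0")  # quit
    p.recv()
    return 0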
# Entry point: load the target ELF, enable verbose tube logging, spawn the
# process, and run the interaction. `binary` and `p` are module-level names;
# exploit() reads `p` as a global.
if __name__ == "__main__":
    target_path = settings['binary']
    binary = ELF(target_path)
    # 'debug' makes pwntools log every chunk sent and received.
    context.log_level = 'debug'
    # stdin is a PTY rather than a pipe, as in the original setup.
    p = process(binary.path, stdin=PTY)
    exploit()