pwntools

Ref

• https://github.com/Gallopsled/pwntools

Installation

• https://docs.pwntools.com/en/stable/install.html
• git clone https://github.com/Gallopsled/pwntools
• pip install --upgrade --editable ./pwntools

Usage

• Sample code: https://raw.githubusercontent.com/lethanhtung01011980/Notes/master/pwn_sample.py
• wget https://raw.githubusercontent.com/lethanhtung01011980/Notes/master/pwn_sample.py
• python pwn_sample.py

payload = "A"*28 + struct.pack("<I",0xffffd610 + 32) + shellcode

• https://docs.python.org/2/library/struct.html
• < little-endian
• > big-endian
• I: unsigned int

payload = "A"*28 + p32(0xffffd610) + shellcode

• OR struct.pack("<I",0xffffd610 + 32)
• p32: 32 bit?