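"""Crash-triage helper: report which offset of a cyclic input pattern ended up in EIP.

The script writes a De Bruijn pattern to ``input_file``, runs the target with
that file as its only argument, loads the core dump the crash leaves behind and
prints the pattern offset that overwrote the saved instruction pointer.

Assumptions visible in the code (not verified here):
  * the target is a 32-bit binary (``core.eip`` is examined and ``pack`` is
    called with pwntools' default word size);
  * the environment produces a core file at ``core_file`` when the target
    crashes -- if none appears, ``Coredump`` will fail at load time.
"""
import contextlib
import os

from pwnlib.elf.corefile import Coredump
from pwnlib.tubes.process import process
from pwnlib.util.cyclic import cyclic, cyclic_find
from pwnlib.util.packing import pack

# TODO: command line arguments
input_file = "input.txt"
exec_name = "./vuln-32"
core_file = "./core"

# Remove a stale core from an earlier run so an old crash is never mistaken for
# this run's result.  A missing file is the normal first-run state, so it is
# not an error (the bare os.remove() used to abort the script here).
with contextlib.suppress(FileNotFoundError):
    os.remove(core_file)

# TODO Loop until a crash, increase payload size each iteration
payload = cyclic(512)
with open(input_file, "wb") as f:
    f.write(payload)

# Run the target to completion; the crash is expected to leave the core file.
target = process([exec_name, input_file])
target.wait()
target.close()

# Use the configured path rather than a second hard-coded "./core" literal.
core = Coredump(core_file)

# A bare assert is stripped under ``python -O``; raise explicitly so an EIP
# that is not part of the pattern (the overflow never reached the return
# address, or the 32-bit assumption is wrong) is always reported instead of
# cyclic_find() silently returning a meaningless offset.
if pack(core.eip) not in payload:
    raise RuntimeError("EIP 0x%x is not part of the cyclic pattern" % core.eip)

print(cyclic_find(core.eip))

os.remove(input_file)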