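from pwn import *

libc = ELF('./라이브러리')  # './라이브러리' ("library") is a placeholder for the path to the libc in use

leak_binsh = libc_base + list(libc.search(b'/bin/sh'))[0]  # first match; libc_base is the leaked libc base address

leak_binsh = libc_base + next(libc.search(b'/bin/sh'))  # same result without building the full list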

---------------------------------------------------------------

strings -tx [library in use] | grep "/bin/sh"
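Added example, not part of the original post: `strings -tx` prints file offsets, while pwntools' `ELF.search` yields virtual addresses, and it is the virtual address that gets added to `libc_base`. The code below converts one to the other through the PT_LOAD headers; the two values agree only when the containing segment has `p_offset` equal to `p_vaddr`. The function names and the minimal ELF image are constructed for illustration.

```python
import struct

def load_segments(elf):
    """Return (p_offset, p_vaddr, p_filesz) for every PT_LOAD of a 64-bit LE ELF."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a 64-bit little-endian ELF")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    segments = []
    for i in range(e_phnum):
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == 1:  # PT_LOAD
            segments.append((p_offset, p_vaddr, p_filesz))
    return segments

def locate(elf, needle=b"/bin/sh\x00"):
    """Return (file_offset, vaddr) of the first needle that lies in a PT_LOAD."""
    segments = load_segments(elf)
    pos = elf.find(needle)
    while pos != -1:
        for p_offset, p_vaddr, p_filesz in segments:
            if p_offset <= pos and pos + len(needle) <= p_offset + p_filesz:
                return pos, p_vaddr + (pos - p_offset)
        pos = elf.find(needle, pos + 1)
    raise LookupError("needle is not inside any loadable segment")

def build_sample_elf():
    """Constructed sample: one PT_LOAD with p_offset=0x1000 but p_vaddr=0x3000."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ",
                       1, 4, 0x1000, 0x3000, 0x3000, 0x100, 0x100, 0x1000)
    segment = (b"\x00" * 0x20 + b"/bin/sh\x00").ljust(0x100, b"\x00")
    return (ehdr + phdr).ljust(0x1000, b"\x00") + segment

if __name__ == "__main__":
    file_off, vaddr = locate(build_sample_elf())
    # file_off is what `strings -tx` would print; vaddr is what is added to libc_base
    print(f"file offset {file_off:#x}, virtual address {vaddr:#x}")
```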

 

Ref. https://nroses-taek.tistory.com/188
