pwntools
Install tool
apt-get update
apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential
python3 -m pip install --upgrade pip
python3 -m pip install --upgrade pwntools
Get function address
#!/usr/bin/env python3
import pwn

# Load the target binary and parse its symbol table
elf = pwn.ELF("./vuln")
# Print the address of the "win" function
print(hex(elf.symbols["win"]))
CLI alternative: readelf -s vuln
Create shellcode setreuid prefix
pwn shellcraft -f d amd64.linux.setreuid 1003
\x31\xff\x66\xbf\xeb\x03\x6a\x71\x58\x48\x89\xfe\x0f\x05
14 bytes
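To check what those 14 bytes do before using them, they can be decoded by hand. The script below is an added example, not part of the original notes: it uses only the Python standard library, recognises only this exact instruction sequence, and the function names are made up for illustration.

```python
import re

# Output of `pwn shellcraft -f d amd64.linux.setreuid 1003`, copied from the note above.
ESCAPED = r"\x31\xff\x66\xbf\xeb\x03\x6a\x71\x58\x48\x89\xfe\x0f\x05"
SYS_SETREUID = 113  # x86-64 Linux syscall number for setreuid


def unescape(text):
    """Turn a '\\x31\\xff...' escaped string into raw bytes."""
    if not re.fullmatch(r"(\\x[0-9a-fA-F]{2})+", text):
        raise ValueError("expected only \\xNN escapes")
    return bytes.fromhex(text.replace("\\x", ""))


def decode_setreuid_stub(code):
    """Walk the stub one instruction at a time; return (listing, uid, syscall_nr)."""
    listing, pos = [], 0

    def take(prefix, operand_len, text):
        # Match the opcode bytes, then read a little-endian immediate if there is one.
        nonlocal pos
        start = pos + len(prefix)
        operand = code[start:start + operand_len]
        if code[pos:start] != prefix or len(operand) != operand_len:
            raise ValueError(f"unexpected bytes at offset {pos}")
        value = int.from_bytes(operand, "little")
        listing.append((pos, text.format(value)))
        pos = start + operand_len
        return value

    take(b"\x31\xff", 0, "xor edi, edi")        # clear rdi
    uid = take(b"\x66\xbf", 2, "mov di, {:#x}")  # rdi = ruid
    nr = take(b"\x6a", 1, "push {:#x}")          # syscall number on the stack
    take(b"\x58", 0, "pop rax")                  # rax = syscall number
    take(b"\x48\x89\xfe", 0, "mov rsi, rdi")     # rsi = euid = ruid
    take(b"\x0f\x05", 0, "syscall")
    if pos != len(code):
        raise ValueError("trailing bytes after syscall")
    return listing, uid, nr


if __name__ == "__main__":
    raw = unescape(ESCAPED)
    listing, uid, nr = decode_setreuid_stub(raw)
    for off, text in listing:
        print(f"{off:2d}: {text}")
    print(f"{len(raw)} bytes, setreuid({uid}, {uid}), syscall {nr}")
```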