
pwn tool

Install tool

apt-get update
apt-get install python3 python3-pip python3-dev git libssl-dev libffi-dev build-essential
python3 -m pip install --upgrade pip
python3 -m pip install --upgrade pwntools

Get function address

#!/usr/bin/env python3
import pwn

# Load the target binary and print the address of its "win" symbol.
elf = pwn.ELF("./vuln")
print(hex(elf.symbols["win"]))

Equivalent CLI command: readelf -s vuln

Create a setreuid shellcode prefix

pwn shellcraft -f d amd64.linux.setreuid 1003
\x31\xff\x66\xbf\xeb\x03\x6a\x71\x58\x48\x89\xfe\x0f\x05

14 bytes
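
Detecting this stub in a captured buffer (added example, not part of the original notes): the signature below matches only the 14-byte encoding printed above, where the uid is loaded as a 16-bit immediate, and recovers the uid from it. The function names and the sample buffer are constructed for illustration.

```python
import re
import struct

# Output of `pwn shellcraft -f d amd64.linux.setreuid 1003`, copied from the notes above.
PAGE_STUB = r"\x31\xff\x66\xbf\xeb\x03\x6a\x71\x58\x48\x89\xfe\x0f\x05"

# Byte signature of this exact encoding. The two wildcard bytes are the
# little-endian 16-bit uid that is loaded into di.
STUB_RE = re.compile(
    rb"\x31\xff"        # xor edi, edi
    rb"\x66\xbf(..)"    # mov di, imm16        (uid)
    rb"\x6a\x71\x58"    # push 0x71; pop rax   (0x71 = 113 = setreuid on x86-64)
    rb"\x48\x89\xfe"    # mov rsi, rdi         (euid = ruid)
    rb"\x0f\x05",       # syscall
    re.DOTALL,          # let '.' match 0x0a as well
)


def unescape(escaped: str) -> bytes:
    """Turn the escaped format (\\x31\\xff...) into raw bytes."""
    return bytes.fromhex(escaped.replace("\\x", ""))


def find_setreuid_stubs(buf: bytes):
    """Return (offset, uid) for every occurrence of the stub in buf."""
    return [(m.start(), struct.unpack("<H", m.group(1))[0])
            for m in STUB_RE.finditer(buf)]


if __name__ == "__main__":
    stub = unescape(PAGE_STUB)
    # Constructed sample: the stub surrounded by filler bytes.
    sample = b"\x90" * 8 + stub + b"\xcc" * 4
    for offset, uid in find_setreuid_stubs(sample):
        print(f"setreuid({uid}, {uid}) stub at offset {offset}, {len(stub)} bytes")
```

Other uid values may be assembled with a different instruction sequence, so this signature covers the encoding shown here and nothing broader.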