#!/usr/bin/env python3from sys import argvfrom struct import pack, unpac

1. #!/usr/bin/env python3
2.  
3.  
4. from sys import argv
5. from struct import pack, unpack
6. import socket
7. import re
8.  
9. # unhexlify(b'41414141') = b'AAAA'
10. # hexlify(b'AAAA') = b'41414141'
11. from binascii import hexlify, unhexlify
12.  
13.  
14.  
15.  
16. ################### Helper methods #####################################################3
17.  
18. def p64(d):
19. """Return d packed as 64-bit unsigned integer (little endian)."""
20. return pack('<Q', d)
21.  
22.  
23.  
24. # Read exactly n bytes from the socket
25. def receive(n):
26. buf = bytearray()
27. while not len(buf) >= n:
28. buf += s.recv(1)
29. print(buf.decode())
30. return bytes(buf)
31.  
32.  
33. # Read from socket until the character sequence delimiter is read
34. def receive_until(delimiter):
35. buf = bytearray()
36. while not delimiter in buf:
37. buf += s.recv(1)
38. print(buf.decode())
39. return bytes(buf)
40.  
41.  
42. # Send data
43. def send(data):
44. print(data)
45. s.sendall(data)
46.  
47. # Send data + newline
48. def sendline(data):
49. send(data + b'\n')
50.  
51.  
52. # Extract all hexadecimal numbers from a string s
53. def extract_hexstr(s):
54. return re.findall(r'0x[0-9A-F]+',s.decode() , re.I)
55.  
56. # Convert hexstring (0x1234) to integer
57. def hexstr2int(s):
58. return int(s, 16)
59.  
60.  
61.  
62.  
63.  
64. ################### Create connection to target ########################################3
65.  
66.  
67. if len(argv) < 3:
68. print("Usage:\npython3 filename.py <host> <port>")
69. exit()
70.  
71. host = argv[1]
72. port = int(argv[2])
73.  
74. s = socket.create_connection((host, port))
75.  
76.  
77.  
78.  
79. ################### Put your exploit code here #########################################3
80.  
81. receive_until(b'> ')