grant-h/exploit.py

## exploit.py
#!/usr/bin/env python
# coding: utf-8
import sys
import time

# pip install pwn
from pwn import *

# pip install ipython
from IPython import embed
from struct import pack,unpack
from binascii import hexlify

# Used for delaying after a send vs. a read
# You may not need this
def delay(name):
	if name != "":
		print("[+] Stage: '%s'" % name)
	time.sleep(0.8) # There MUST be a delay due to setvbuf in read()

def main(args):
    p = None

    # toggle to remote with ./pwn.py remote
    if len(args) == 2 and args[1] == "remote":
        p = remote("remote-server-url", 1234)
    else:
        p = process("./your_pwnable")

    # Try
    # p.recvlines(1), p.recv(10), p.readline()
    # p.write('data'), p.write('data with newline')

    # Note that if your program never ends, you will never see any output
    print p.recvall()
    sys.exit(0)

if __name__ == "__main__":
	main(sys.argv)
	#!/usr/bin/env python
	# coding: utf-8
	import sys
	import time

	# pip install pwn
	from pwn import *

	# pip install ipython
	from IPython import embed
	from struct import pack,unpack
	from binascii import hexlify

	# Used for delaying after a send vs. a read
	# You may not need this
	def delay(name):
	if name != "":
	print("[+] Stage: '%s'" % name)
	time.sleep(0.8) # There MUST be a delay due to setvbuf in read()

	def main(args):
	p = None

	# toggle to remote with ./pwn.py remote
	if len(args) == 2 and args[1] == "remote":
	p = remote("remote-server-url", 1234)
	else:
	p = process("./your_pwnable")

	# Try
	# p.recvlines(1), p.recv(10), p.readline()
	# p.write('data'), p.write('data with newline')

	# Note that if your program never ends, you will never see any output
	print p.recvall()
	sys.exit(0)

	if __name__ == "__main__":
	main(sys.argv)