Skip to content

Instantly share code, notes, and snippets.

@rekkusu

rekkusu/log.txt

Last active August 29, 2015 14:06
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rekkusu/cee8b48ee0d49116fedc to your computer and use it in GitHub Desktop.
Save rekkusu/cee8b48ee0d49116fedc to your computer and use it in GitHub Desktop.
Download ZIP
CSAW CTF 2014 Bin300(1) wololo
Raw
log.txt
I'm ready to accept your input file!
Run this with: python wololo_x.py hostname port file_to_submit
#!/usr/bin/env python
import sys, socket, struct
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((sys.argv[1], int(sys.argv[2])))
print s.recv(1024)
contents = open(sys.argv[3], "rb").read()
s.send(struct.pack("<I", len(contents)) + contents)
print "The challenge server says: ", s.recv(1024)
Valid! flag{Small Group of Helpless Villages? Call in the Trebuchets.}
Raw
wololo.py
from pwn import *
s = remote('54.164.98.39', 2510)
print s.recv(1024)
#header
data = p32(0x4F4C4F57) #magic
data += p32(1) #version
data += p16(4) #col
data += p16(4) #row
# col header
data += p8(5)
data += 'USERNAME' + '\0' * (16 - 8)
data += p8(6)
data += 'PASSWORD' + '\0' * (16 - 8)
data += p8(0)
data += 'ADMIN' + '\0' * (16 - 5)
data += p8(0)
data += 'ISAWESOME' + '\0' * (16 - 9)
# data
row = ''
row += 'captainfalcon' + '\0' * (16 - 13)
row += 'fc03329505475dd4be51627cc7f0b1f1'
row += p8(1)
row += p8(1)
data += row * 4
s.send(p32(len(data)) + data)
print s.recv(1024)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment