Arnaud Lacombe authored
Signed-off-by:
Arnaud Lacombe <lacombar@gmail.com> Reviewed-by:
Sam Ravnborg <sam@ravnborg.org> Reviewed-by:
Michal Marek <mmarek@suse.cz>
connect.py 1.41 KiB
#!/usr/bin/env python
import sys
import os
from pwn import context, log, remote
from base64 import b64encode
# Endpoint that remote() connects to in the __main__ guard.
HOST = "10.0.23.24"
PORT = 31337

### SETUP ###
# pwntools log verbosity; swap the two lines below to get debug output.
context.log_level = "info"
# context.log_level = "debug"

# Local file that connect() reads and base64-encodes.
filename = "x"
# Name the decoded file gets on the remote side; "<name>.b64" is used for staging.
remote_filename = "x"
# When true, connect() runs "chmod +x" on the decoded remote file.
is_executable = True

### SPLOIT ###
# Number of base64 characters carried by each "echo" command line.
CHUNKSIZE = 64
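def connect():
    """Copy the local file ``filename`` through the remote shell, then go interactive.

    Uses the module-level tube ``p`` (bound in the ``__main__`` guard) and the
    settings ``filename``, ``remote_filename``, ``is_executable`` and
    ``CHUNKSIZE``.  The file is base64-encoded locally, appended to
    ``<remote_filename>.b64`` on the remote side ``CHUNKSIZE`` characters per
    ``echo -n`` command, decoded with ``base64 -d`` and, when
    ``is_executable`` is set, marked executable with ``chmod +x``.  After
    every command the function waits for the ``"$ "`` prompt before sending
    the next one.

    Detection note: in shell or process telemetry this transfer appears as a
    run of ``echo -n "<base64>" >> <name>.b64`` lines followed by
    ``base64 -d`` and ``chmod +x`` on the same name.
    """
    from shlex import quote  # only needed to build the remote command lines

    # Wait for the first prompt so the commands are not sent into a banner.
    log.info(p.recvuntil("$ "))

    with open(filename, "rb") as f:
        data = b64encode(f.read()).decode()
    ldata = len(data)

    # Quote the names once: a remote_filename containing spaces or shell
    # metacharacters must reach the remote shell as a single word.  The
    # base64 payload itself only uses [A-Za-z0-9+/=], which is inert inside
    # double quotes.
    staged = quote(remote_filename + ".b64")
    target = quote(remote_filename)

    progress = log.progress("Transmitting {}".format(filename))
    # One pass in CHUNKSIZE steps covers the full chunks and the shorter
    # final chunk alike.
    # NOTE: chunks are appended with ">>", so a staging file left over from an
    # earlier run would be decoded together with the new data.
    for offset in range(0, ldata, CHUNKSIZE):
        progress.status(str(offset) + " / " + str(ldata))
        p.sendline("echo -n \"{}\" >> {}".format(data[offset:offset + CHUNKSIZE], staged))
        p.recvuntil("$ ")
    progress.success("Finished.")

    # Decode the staged text into the final file.
    p.sendline("cat {} | base64 -d > {}".format(staged, target))
    log.info(p.recvuntil("$ "))

    if is_executable:
        p.sendline("chmod +x {}".format(target))
        log.info(p.recvuntil("$ "))

    # Hand the session over to the operator.
    p.interactive()
    return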
if __name__ == "__main__":
    # `p` is deliberately bound at module scope: connect() reads it as a global.
    p = remote(HOST, PORT)
    connect()