From dfd1be33d9e06e780a63bafb4cf4984efe5d3427 Mon Sep 17 00:00:00 2001
From: Lukas Kotschi <lukas.kotschi@fau.de>
Date: Mon, 1 Feb 2021 09:02:23 +0100
Subject: [PATCH] Fixed bug, added functionality
---
 utils/connect.py | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)
diff --git a/utils/connect.py b/utils/connect.py
index e6ac4a0..2d33091 100755
--- a/utils/connect.py
+++ b/utils/connect.py
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 import sys
 import os
-from pwn import *
+from pwn import context, log, remote
 from base64 import b64encode
 HOST = "10.0.23.24"
@@ -11,13 +11,17 @@ PORT = 31337
 context.log_level = 'info'
 #context.log_level = 'debug'
+filename = "x"
+remote_filename = "x"
+is_executable = True
+
 ### SPLOIT ###
 CHUNKSIZE = 64
 def connect():
     log.info(p.recvuntil("$ "))
-    with open("./x", "rb") as f:
+    with open(filename, "rb") as f:
         data = f.read()
     data = b64encode(data).decode()
@@ -26,15 +30,28 @@ def connect():
     nchunks = ldata // CHUNKSIZE
     rchunks = ldata % CHUNKSIZE
+    progress = log.progress("Transmitting {}".format(filename))
+    import IPython; IPython.embed()
     assert nchunks * CHUNKSIZE + rchunks == ldata
     for idx in range(0,nchunks):
-        p.sendline("echo -n \"{}\" >> x.b64".format(data[(idx*CHUNKSIZE):(idx+1)*CHUNKSIZE]))
+        progress.status(str(idx * CHUNKSIZE) + " / " + str(ldata))
+        p.sendline("echo -n \"{}\" >> {}.b64".format(data[(idx*CHUNKSIZE):(idx+1)*CHUNKSIZE], remote_filename))
+        p.recvuntil("$ ")
+
+    if rchunks:
+        p.sendline("echo -n \"{}\" >> {}.b64".format(data[(-1)*rchunks:], remote_filename))
         p.recvuntil("$ ")
-    p.sendline("echo -n \"{}\" >> x.b64".format(data[(-1)*rchunks:]))
+    progress.success("Finished.")
+
+    p.sendline("cat {}.b64 | base64 -d > {}".format(remote_filename, remote_filename))
+    log.info(p.recvuntil("$ "))
+
+    if is_executable:
+        p.sendline("chmod +x {}".format(remote_filename))
+        log.info(p.recvuntil("$ "))
-    log.info("ldata: {}".format(ldata))
     p.interactive()
     return
-- 
GitLab
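Review bot: The new module globals `filename`, `remote_filename` and `is_executable` are configuration sitting next to `HOST`, `PORT` and `CHUNKSIZE` but break that file's UPPER_CASE constant convention, and nothing documents that `remote_filename` is later pasted verbatim into shell command lines. Either rename them to match (`FILENAME`, `REMOTE_FILENAME`, `IS_EXECUTABLE`) or make them keyword parameters with these defaults, `def connect(filename="x", remote_filename="x", is_executable=True):`, so a caller can transfer a different file without editing the module. A short comment above them such as `# local path to upload, its name on the remote host (inserted into shell commands unquoted), and whether to chmod +x it afterwards` would tell the next reader what each one controls. connect() continues past the end of this hunk.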
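Review bot: The `import IPython; IPython.embed()` added just before the assert is a leftover interactive breakpoint: it halts the transfer on every run until the embedded shell is exited and pulls a non-stdlib package into a script that otherwise needs only pwntools, so it should be deleted before merging. The new commands also splice `remote_filename` unquoted into four shell lines (`echo -n ... >> {}.b64`, `cat {}.b64 | base64 -d > {}`, `chmod +x {}`); a name containing a space or a shell metacharacter would break or alter those commands, so quote it once with `shlex.quote` and reuse the result as sketched below. Appending with `>>` further means a `.b64` file left on the remote host by an earlier run silently corrupts the decoded output, which the commit does not address; truncating it once before the loop avoids that. connect() starts before this hunk, and `shlex` would need to be imported at the top of the file.
```python
    rname = shlex.quote(remote_filename)  # quoted once, reused in every command below
    progress = log.progress("Transmitting {}".format(filename))
    p.sendline(": > {}.b64".format(rname))  # drop any .b64 left by an earlier run before appending
    p.recvuntil("$ ")
    # … unchanged: assert, loop header, progress.status …
        p.sendline("echo -n \"{}\" >> {}.b64".format(data[(idx*CHUNKSIZE):(idx+1)*CHUNKSIZE], rname))
    # … unchanged: recvuntil, `if rchunks:` guard …
        p.sendline("echo -n \"{}\" >> {}.b64".format(data[(-1)*rchunks:], rname))
    # … unchanged: recvuntil, progress.success …
    p.sendline("base64 -d {0}.b64 > {0}".format(rname))
    # … unchanged: log.info, `if is_executable:` …
        p.sendline("chmod +x {}".format(rname))
    # … unchanged: log.info, p.interactive(), return …
```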