#!/usr/bin/env python3
from sys import argv
from struct import pack, unpack
from time import sleep
import socket
import re
from binascii import hexlify, unhexlify
# Example usage:
# unhexlify(b'41414141') = b'AAAA'
# hexlify(b'AAAA') = b'41414141'
################### Helper methods #####################################################
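def log(buf):
    """Print a bytes-like buffer to stdout, as text when it decodes cleanly.

    ``buf`` is decoded with the default codec and printed. If decoding or
    printing fails with a Unicode error, the ``repr`` of the raw bytes (with
    a newline byte appended) is printed instead.

    NOTE(review): the decoded text is printed verbatim. When ``buf`` holds
    data received from the peer it may carry terminal control or escape
    sequences; pipe the output through a sanitising filter if the peer is
    not trusted.
    """
    try:
        print(buf.decode())
    # Only a Unicode failure means "not printable as text". A bare ``except``
    # would also swallow KeyboardInterrupt and SystemExit.
    except UnicodeError:
        print(bytes(buf) + b'\n')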
def p64(d):
    """Pack ``d`` as an unsigned 64-bit little-endian integer (8 bytes)."""
    packed = pack('<Q', d)
    return packed
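def receive(n):
    """Read exactly ``n`` bytes from the module-level socket ``s``.

    The collected data is passed to ``log`` and returned as ``bytes``.

    Raises:
        EOFError: if the peer closes the connection before ``n`` bytes
            have arrived.
    """
    buf = bytearray()
    while len(buf) < n:
        # Request only what is still missing, so nothing past ``n`` is
        # consumed from the stream.
        chunk = s.recv(n - len(buf))
        if not chunk:
            # recv() returning b'' means the peer closed the connection.
            # Without this check the loop would spin forever.
            log(buf)
            raise EOFError(
                'connection closed after %d of %d bytes' % (len(buf), n)
            )
        buf += chunk
    log(buf)
    return bytes(buf)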
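def receive_until(delimiter):
    """Read from the module-level socket ``s`` until ``delimiter`` is seen.

    The returned ``bytes`` include the delimiter. The collected data is
    passed to ``log`` before returning.

    Raises:
        EOFError: if the peer closes the connection before ``delimiter``
            has been received.
    """
    buf = bytearray()
    while delimiter not in buf:
        # One byte at a time, so nothing after the delimiter is consumed.
        chunk = s.recv(1)
        if not chunk:
            # recv() returning b'' means the peer closed the connection.
            # Without this check the loop would spin forever.
            log(buf)
            raise EOFError(
                'connection closed before delimiter %r was received'
                % (bytes(delimiter),)
            )
        buf += chunk
    log(buf)
    return bytes(buf)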
def send(data):
    """Log ``data``, then write all of it to the module-level socket ``s``."""
    # Log first, so the payload is visible even if the write fails.
    log(data)
    s.sendall(data)
def sendline(data):
    """Send ``data`` followed by a single newline byte, via ``send``."""
    line = data + b'\n'
    send(line)
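def extract_hexstr(s):
    """Return every ``0x``-prefixed hexadecimal number found in the bytes ``s``.

    Matching is case-insensitive, so an ``0X`` prefix and lower-case digits
    are accepted. The result is a list of ``str`` matches in order of
    appearance, and is empty when nothing matches.

    Note that the parameter ``s`` shadows the module-level socket ``s``
    inside this function.
    """
    # Data read from a socket is often not valid UTF-8. Undecodable bytes
    # are replaced rather than raising, because the replacement character
    # can never be part of a match.
    text = s.decode(errors='replace')
    return re.findall(r'0x[0-9A-F]+', text, re.I)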
def hexstr2int(s):
    """Parse the hexadecimal string ``s`` (e.g. "1ab4ff") into an integer."""
    value = int(s, 16)
    return value
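################### Create connection to target ########################################
# Both <host> and <port> are required; anything less is a usage error.
if len(argv) < 3:
    # SystemExit with a message prints it to stderr and exits non-zero. It
    # also avoids relying on the ``exit`` helper installed by ``site``.
    raise SystemExit("Usage:\npython3 filename.py <host> <port>")
host = argv[1]
port = int(argv[2])
# Module-level socket shared by receive(), receive_until() and send().
s = socket.create_connection((host, port))
################### Put your exploit code here #########################################
receive_until(b'> ')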