38 lines
615 B
Python
38 lines
615 B
Python
from pwn import *
|
|
import hashpumpy
|
|
import re
|
|
context.log_level = 'debug'
|
|
|
|
conn = remote('localhost', 10001) # 替换为实际的主机名和端口号
|
|
|
|
# 接收服务器的欢迎消息
|
|
string1 = conn.recvline().decode()
|
|
conn.recvline()
|
|
|
|
|
|
|
|
md5hash = re.search('\w{32}', string1)[0]
|
|
md5plain = re.search('\w{16}', string1)[0]
|
|
a = hashpumpy.hashpump(md5hash,md5plain,"1",4)
|
|
|
|
# 发送数据到服务器
|
|
payload1 = a[0]
|
|
payload2 = a[1]
|
|
|
|
conn.sendline(payload1)
|
|
conn.sendline(payload2)
|
|
|
|
|
|
# 接收并打印服务器的回复
|
|
response = conn.recvall()
|
|
print("Server response:", response)
|
|
|
|
# 关闭连接
|
|
conn.close()
|
|
|
|
|
|
|
|
|
|
|
|
|