38 lines
618 B
Python
38 lines
618 B
Python
from pwn import *
|
|
import hashpumpy
|
|
import re
|
|
context.log_level = 'debug'
|
|
|
|
conn = remote('localhost', 10001) # 替换为实际的主机名和端口号
|
|
|
|
# 接收服务器的欢迎消息
|
|
string1 = conn.recvline().decode()
|
|
conn.recvline()
|
|
conn.recvline()
|
|
|
|
|
|
|
|
md5hash = re.search('\w{32}', string1)[0]
|
|
md5plain = re.search('\w{12}', string1)[0]
|
|
a = hashpumpy.hashpump(md5hash,md5plain,"ilove0xfa",8)
|
|
|
|
# 发送数据到服务器
|
|
payload_md5 = a[0].encode()
|
|
payload2 = a[1]
|
|
|
|
conn.sendline(payload_md5)
|
|
conn.sendline(payload2)
|
|
|
|
|
|
# 接收并打印服务器的回复
|
|
response = conn.recvall()
|
|
|
|
# 关闭连接
|
|
conn.close()
|
|
|
|
|
|
|
|
|
|
|
|
|