ratm/ 0000755 0001750 0001750 00000000000 12704740040 011471 5 ustar p1kachu p1kachu ratm/exploit.py 0000755 0001750 0001750 00000002063 12704737346 013552 0 ustar p1kachu p1kachu #!/usr/bin/env python2
from hashlib import md5
import itertools
import sys
import socket
def test(salt):
tab = [ '\x00', '\x00', '\x00', '\x00', '\x00', '\x00' ]
while ord(tab[-1]) != 255 or ord(tab[0]) != 255:
tab[0] = chr((ord(tab[0]) + 1) % 256 )
idx = 0
while ord(tab[idx]) == 0:
idx += 1
tab[idx] = chr((ord(tab[idx]) + 1) % 256)
s = salt
if md5(s + ''.join(tab)).digest().startswith("\x00\x00\x00"):
print("MD5 OK")
return ''.join(tab)
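def nc(hostname, port):
    """Run one session against the service at (hostname, port).

    Steps, in order: read the challenge the service sends on connect, print
    it, compute the proof-of-work answer with ``test`` and send it, stream
    three fixed-size chunks from the local file ``match_stream``, then print
    the service's reply.

    ``sendall`` is used instead of ``send``: each chunk is 921600 bytes and
    ``send`` may transmit only part of a buffer that large.  The socket is
    closed on every exit path.

    Args:
        hostname: Host name or IPv4 address of the service.
        port: TCP port of the service.

    Raises:
        RuntimeError: If no proof-of-work answer was found.
    """
    # Presumably 320x240 pixels, 3 channels, 4 bytes per value -- TODO confirm
    # against the format the service expects.
    frame_bytes = 3 * 4 * 320 * 240

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.connect((hostname, port))
        # NOTE(review): a single recv() is assumed to hold the whole challenge;
        # a challenge split across TCP segments would be truncated here.
        x = str((s.recv(4096).strip()).decode('utf8'))
        print(x)
        check = test(x)
        if check is None:
            raise RuntimeError("no proof-of-work suffix found")
        s.sendall(check)
        # Send image as color arrays
        with open('match_stream', 'rb') as f:
            for _ in range(3):
                s.sendall(f.read(frame_bytes))
        print("")
        print("Flag: {0}".format(s.recv(4096)))
    finally:
        s.close()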
# Script entry: the remote endpoint stays commented out and the session runs
# against a local instance of the service on the same port.
#nc("40.117.46.42", 29281)
nc(hostname="127.0.0.1", port=29281)
ratm/match.jpg 0000644 0001750 0001750 00000023201 12704632460 013273 0 ustar p1kachu p1kachu JFIF ` ` Photoshop 3.0 8BIM P
Picasa 2.0u
10244c-1-ffffff58-6
79600051-c47b4ec2-2b0b2e7e-1b50035e
1024
768
78149
v
JFIF C
%# , #&')*)-0-(0%()( C
(((((((((((((((((((((((((((((((((((((((((((((((((((
} !1AQa"q2#BR$3br
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
w !1AQaq"2B #3Rbr
$4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz @" ?
\P(b( 1F(Q(b( 1F(Q(b( 1F(Q(b( 1F(Q(b( 1HE-E ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( (4Ph P((((
y5i7w6:5PHcie;"88{*FӆVKn^5Wn dk;'C yO/9`W$[+.KKWZu-^Tyw֩i>=z~i-˶ďqRr
{$Ko