from pwn import *
ssh = ssh(host="pwnable.kr", port=2222, user="unlink", password="guest")
pgmUnlink = ssh.run(["/home/unlink/unlink"])
pgmUnlink.recvuntil("leak: ")
addrStack = pgmUnlink.recvline().strip()
pgmUnlink.recvuntil("leak: ")
addrHeap = pgmUnlink.recvline().strip()
pgmUnlink.sendline("stringToSend")
pgmUnlink.sendline("id")
print pgmUnlink.recvline()
print pgmUnlink.recvline()
ssh.close()
ssh = ssh(host="pwnable.kr", port=2222, user="unlink", password="guest")
pgmUnlink = ssh.run(["/home/unlink/unlink"])
pgmUnlink.recvuntil("leak: ")
addrStack = pgmUnlink.recvline().strip()
pgmUnlink.recvuntil("leak: ")
addrHeap = pgmUnlink.recvline().strip()
pgmUnlink.sendline("stringToSend")
pgmUnlink.sendline("id")
print pgmUnlink.recvline()
print pgmUnlink.recvline()
ssh.close()
❑ ssh() : Connecting to ssh server.
❑ pgmUnlink = ssh.run() : Executing a program and returning the connection.
❑ pgmUnlink.recvuntil("abc") : Reading data until the letter "abc" appears.
❑ pgmUnlink.recvline().strip() : Reading one line and removing blanks.
❑ pgmUnlink.sendline("stringToSend") : Sending a string line to the server.
❑ ssh.close() : Closing the connection.
※ pwntools reference(Link)