CreateRemoteThread/abctf-zippy-brute.py

## abctf-zippy-brute.py
#!/usr/bin/python

import string
import zlib
import os
import sys

base64_chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="

crc32_array = {}

print " [+] step 1: globby glob glob motherfuckers"
for f in os.listdir("zips"):
  if f != "." and f != "..":
    fd = open("zips/%s" % f,"rb")
    data = fd.read()
    filenum = f[5:]
    filenum = filenum[:-4]
    crc32 = ord(data[0xE]) + ord(data[0xF]) * 0x100 + ord(data[0x10]) * 0x10000 + ord(data[0x11]) * 0x1000000
    # print "file : %d, crc32 %x" % (int(filenum),crc32)
    crc32_array[int(filenum)] = crc32
    fd.close()

print " [+] step 2: %d crcs collected, brute forcing the fuck out of everything" % len(crc32_array.keys())

result_array = {}

for c1 in base64_chars:
  for c2 in base64_chars:
    for c3 in base64_chars:
      for c4 in base64_chars:
        s = ""+c1+c2+c3+c4
        a = zlib.crc32(s) & 0xFFFFFFFF
        for i in range(0,len(crc32_array.keys())):
          if a == crc32_array[i]:
            print "matched: zip %d is %s" % (i,s)
            result_array[i] = s
            # del crc32_array[i]
        # iif a == 0xDE65c01B:
        #   print "match! %s" % s

print " [+] step 3: combining again"

if len(result_array.keys()) != len(crc32_array.keys()):
  print " [!] mismatch. fuck. %d crc32s, %d cracked" % (len(crc32_array.keys()), len(result_array.keys()))
  sys.exit(0)

out = ""
for i in range(0,len(result_array.keys())):
  out += result_array[i]

print out

fw = open("result.b64","wb")
fw.write(out)
fw.close()
	#!/usr/bin/python

	import string
	import zlib
	import os
	import sys

	base64_chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="

	crc32_array = {}

	print " [+] step 1: globby glob glob motherfuckers"
	for f in os.listdir("zips"):
	if f != "." and f != "..":
	fd = open("zips/%s" % f,"rb")
	data = fd.read()
	filenum = f[5:]
	filenum = filenum[:-4]
	crc32 = ord(data[0xE]) + ord(data[0xF]) * 0x100 + ord(data[0x10]) * 0x10000 + ord(data[0x11]) * 0x1000000
	# print "file : %d, crc32 %x" % (int(filenum),crc32)
	crc32_array[int(filenum)] = crc32
	fd.close()

	print " [+] step 2: %d crcs collected, brute forcing the fuck out of everything" % len(crc32_array.keys())

	result_array = {}

	for c1 in base64_chars:
	for c2 in base64_chars:
	for c3 in base64_chars:
	for c4 in base64_chars:
	s = ""+c1+c2+c3+c4
	a = zlib.crc32(s) & 0xFFFFFFFF
	for i in range(0,len(crc32_array.keys())):
	if a == crc32_array[i]:
	print "matched: zip %d is %s" % (i,s)
	result_array[i] = s
	# del crc32_array[i]
	# iif a == 0xDE65c01B:
	# print "match! %s" % s

	print " [+] step 3: combining again"

	if len(result_array.keys()) != len(crc32_array.keys()):
	print " [!] mismatch. fuck. %d crc32s, %d cracked" % (len(crc32_array.keys()), len(result_array.keys()))
	sys.exit(0)

	out = ""
	for i in range(0,len(result_array.keys())):
	out += result_array[i]

	print out

	fw = open("result.b64","wb")
	fw.write(out)
	fw.close()