Last active
January 23, 2022 19:56
-
-
Save GordonOus/0ce195704847202f62614e1d62cfd2bf to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import time | |
| import random | |
| from pwn import * | |
| def gen_seeds(s): | |
| return list(range((s - 20),(s + 20))) | |
| possible_seeds = gen_seeds(int(time.time())) | |
| conn = remote('IP ADDRESS',PORT) | |
| d = conn.recvlines(60, True, 10) | |
| data = d[-2].split(b'EXTRACTION')[-1].strip()[1:].decode().lstrip() #get the extracted values | |
| print(f'Extracted: {data}') | |
| conn.recv() #to retrieve the last bit if data that doesnt end in a \r\n | |
| seed = 0 | |
| for sd in possible_seeds: | |
| random.seed(sd) | |
| solution = '' | |
| counter = 0 | |
| while counter < 5: | |
| solution += str(randint(1,90)) + ' ' | |
| counter += 1 | |
| if solution.strip() == data: | |
| print(f'Seed: {sd}') | |
| seed = sd | |
| break | |
| #we know we need to get at least 10 random values with the bruteforced seed and send back the last 5 as the solution | |
| #set the seed value | |
| random.seed(seed) | |
| solutions = [] | |
| for i in range(0,10): | |
| sln = str(randint(1,90)) | |
| solutions.append(sln) | |
| sln = ' '.join(solutions[5:]) | |
| print(sln) | |
| conn.sendline(bytes(sln,'utf-8')) | |
| flag = conn.recvlines(2,True,10) | |
| print(flag) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment