Created
September 16, 2019 10:29
-
-
Save Nicholaz99/576156392ff702478eaeca178abe2546 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from pwn import * | |
import string | |
context.log_level = 'error' | |
charset = '}_{.' + string.ascii_letters + string.digits + "!@#$%^&*()-+=[]?" | |
def count_same(a1, a2): | |
c = 0 | |
le = len(a1) if len(a1) < len(a2) else len(a2) | |
for i in range(le): | |
if a1[i] == a2[i]: | |
c += 1 | |
else: | |
break | |
return c | |
r = remote("crypto.chal.csaw.io", 1003) | |
c = r.recvuntil("\n").strip() | |
print "[+] CIPHER:", c | |
print "[+] LENGTH:", len(c)/2 | |
flag = "" | |
for i in range(1, 100): | |
payload = 'A' * i | |
r.recvuntil("Tell me something: ") | |
r.sendline(payload) | |
r.recvuntil("\n") | |
t = r.recvuntil("\n").strip() | |
payload = 'A' * i + 'f' | |
r.recvuntil("Tell me something: ") | |
r.sendline(payload) | |
r.recvuntil("\n") | |
res = r.recvuntil("\n").strip() | |
tc = count_same(res, t) | |
if(tc == 128): | |
print "[+] Length Payload:", len(payload) | |
print "[+] Payload:", payload | |
print "[+] Countss:", tc | |
flag += payload[-1] | |
idx = i | |
while True: | |
idx -= 1 | |
payload = 'A' * (idx) | |
r.recvuntil("Tell me something: ") | |
r.sendline(payload) | |
r.recvuntil("\n") | |
target = r.recvuntil("\n").strip() | |
for ch in charset: | |
payload = 'A' * (idx) + flag + ch | |
r.recvuntil("Tell me something: ") | |
r.sendline(payload) | |
r.recvuntil("\n") | |
res = r.recvuntil("\n").strip() | |
tc = count_same(res, target) | |
if (tc == 128): | |
# print "[+] Payload:", payload | |
# print "[+] Countss:", tc | |
flag += payload[-1] | |
break | |
print "[+] Curr Flag:", flag | |
if ("}" in flag): | |
print "[+] Flag: ", flag | |
exit() | |
exit() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment