Created
October 14, 2019 13:14
-
-
Save ducnhse130201/4a03ec078fb1a3677607b99a9d6378ae to your computer and use it in GitHub Desktop.
misc_hexdump.py (hitcon 2019 quals)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from telnetlib import * | |
from hashlib import * | |
def write(data): | |
r.read_until('0) quit') | |
r.write("1\n") | |
r.read_until("Data? (In hex format)") | |
r.write(data + "\n") | |
def read(): | |
r.read_until('0) quit') | |
r.write("2\n") | |
r.read_until("\n") | |
return r.read_until("\n").strip() | |
def change_mode(mode): | |
r.read_until('0) quit') | |
r.write("3\n") | |
r.read_until("- AES") | |
r.write(mode + "\n") | |
def cp_flag(): | |
r.read_until('0) quit') | |
r.write("1337\n") | |
# idea byte at a time | |
# 1) cp_flag() | |
# 2) write(char_brute) => flag: hitcon{XXXX}, write("a") => flag: aitcon{XXXX} | |
# check valid char via read() method | |
# => flag: hitcon{xxd?XDD!ed45dc4df7d0b79} | |
import string | |
table = "_{}?!@#$%^&*" + string.ascii_letters + "1234567890" | |
flag = "hitcon{" | |
for i in range(100): | |
r = Telnet('13.113.205.160', 21700) | |
for char in table: | |
cp_flag() | |
a = read() | |
write((flag + char).encode("hex")) | |
b= read() | |
if a == b: | |
flag += char | |
print flag | |
break | |
r.close() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment