-
-
Save ducnhse130201/5a65d8cda1ed6d1adc8d95adc153a3a1 to your computer and use it in GitHub Desktop.
TSULOTT2_solve
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| def ticket(number,bet): | |
| s = requests.Session() | |
| url = 'http://149.28.144.129/ticket' | |
| cookies = {'session': 'bf10606a-717e-47f1-ad87-52d7261903a6'} | |
| data = {'number': number, 'bet': bet} | |
| r = s.post(url,data=data,cookies=cookies) | |
| res = r.content | |
| if 'Here your ticket: ' in res: | |
| res = res.split('Here your ticket: ')[1].split('</div>')[0].strip() | |
| return res | |
| def reset(): | |
| s = requests.Session() | |
| url = 'http://149.28.144.129/reset' | |
| cookies = {'session': 'bf10606a-717e-47f1-ad87-52d7261903a6'} | |
| r = s.get(url,cookies=cookies,allow_redirects=True) | |
| def market(buy): | |
| s = requests.Session() | |
| url = 'http://149.28.144.129/market' | |
| cookies = {'session': 'bf10606a-717e-47f1-ad87-52d7261903a6'} | |
| data = {'buy': buy} | |
| r = s.post(url,data=data,cookies=cookies) | |
| def buy_source(): | |
| while True: | |
| t = ticket(10, 1000) | |
| s = requests.Session() | |
| url = 'http://149.28.144.129/lott' | |
| cookies = {'session': 'bf10606a-717e-47f1-ad87-52d7261903a6'} | |
| data = {'ticket': t} | |
| r = s.post(url,data=data,cookies=cookies) | |
| res = r.content | |
| if 'Jackpot' in res: | |
| res = res.split('<div class="bg-primary">')[1].split('</div>')[0].strip() | |
| print res | |
| jackpot = res.split('Jackpot: ')[1].split(' | Your guess: ')[0] | |
| guess = res.split('Jackpot: ')[1].split(' | Your guess: ')[1] | |
| if jackpot == guess: | |
| print 'bingo' | |
| market('source') # buy source | |
| break | |
| else: | |
| reset() | |
| def xor(s1,s2): | |
| return ''.join(chr(ord(a) ^ ord(b)) for a,b in zip(s1,s2)) | |
| def lott(ticket): | |
| s = requests.Session() | |
| url = 'http://149.28.144.129/lott' | |
| cookies = {'session': 'bf10606a-717e-47f1-ad87-52d7261903a6'} | |
| data = {'ticket': ticket} | |
| r = s.post(url,data=data,cookies=cookies) | |
| return r.content | |
| i = 1 | |
| while True: | |
| print 'trying: ' + str(i) | |
| t = ticket(10, 910) | |
| res1 = lott(t) | |
| if 'Jackpot' in res1: | |
| res1 = res1.split('<div class="bg-primary">')[1].split('</div>')[0].strip() | |
| print 'res1: ' + res1 | |
| jackpot = res1.split('Jackpot: ')[1].split(' | Your guess: ')[0] | |
| guess = res1.split('Jackpot: ')[1].split(' | Your guess: ')[1] | |
| if jackpot == guess: | |
| reset() | |
| t = ticket(1, 100000000000000).decode('hex') | |
| iv = t[:16] | |
| enc = t[16:] | |
| new_iv = xor(iv, xor('number=1;bet=100','number=1;bet=10_')) | |
| new_t = (new_iv + enc).encode('hex') | |
| res2 = lott(new_t) | |
| if 'Jackpot' in res2: | |
| res2 = res2.split('<div class="bg-primary">')[1].split('</div>')[0].strip() | |
| print 'res2: ' + res2 | |
| jackpot = res2.split('Jackpot: ')[1].split(' | Your guess: ')[0] | |
| guess = res2.split('Jackpot: ')[1].split(' | Your guess: ')[1] | |
| if jackpot == guess: | |
| print 'bingo' | |
| market('flag') | |
| break | |
| else: | |
| reset() | |
| i += 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment