
@ecamellini
Last active October 20, 2016 18:30
hitconquals 2016 - angry boy brute force (part 1 of the challenge)
from Crypto import Random
from Crypto.Cipher import AES
import base64
import requests
import re
import hashlib
import sys
#`[132, 203, 41, 215, 52, 248, 159, 26, 20, 59, 8, 177]`
def decrypt(encrypted, passphrase):
    """Base64-decode *encrypted* and decrypt it with AES in CBC mode.

    *passphrase* is handed to AES.new() directly as the key. The raw
    decryptor output is returned; this function strips no padding.
    """
    # NOTE(review): constant IV, presumably dictated by the challenge
    # service -- confirm. A fixed IV is not a pattern to copy elsewhere.
    fixed_iv = "0011223344556677"
    cipher = AES.new(passphrase, AES.MODE_CBC, fixed_iv)
    raw_ciphertext = base64.b64decode(encrypted)
    return cipher.decrypt(raw_ciphertext)
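def getSeed():
    """Fetch the challenge page and pull the md5 captcha seed out of it.

    A new requests session is created and returned with the seed so the
    caller can answer the captcha on the same session that received it.

    Returns:
        A ``(seed, session)`` tuple: the alphanumeric seed found after
        ``md5( "`` in the page body, and the session used for the GET.

    Raises:
        RuntimeError: if the page body does not contain the seed marker
            (for example an error page or a changed layout).
    """
    s = requests.session()
    r = s.get('http://52.196.144.8:8080/')
    page = r.content
    # Raw string so the escaped parenthesis reaches the regex engine
    # unchanged; the pattern is the same one as before.
    m = re.search(r'md5\( "([0-9a-zA-Z]+)"', page)
    if m is None:
        # Fail with a clear message rather than an AttributeError on None.
        raise RuntimeError("challenge page did not contain an md5 seed")
    return (m.group(1), s)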
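def bruteMd5(seed, prefix="666666"):
    """Find the smallest counter whose md5(seed + counter) has *prefix*.

    Counters 0, 1, 2, ... are appended to *seed* in decimal form and
    hashed until the hex digest starts with *prefix*.

    Args:
        seed: the captcha seed, as text or bytes.
        prefix: the hex prefix the digest must start with. Defaults to
            the six-character prefix used by the challenge.

    Returns:
        The winning counter as a decimal string.
    """
    print(seed)
    # Python 2 str is already bytes; text on Python 3 must be encoded
    # before it can be hashed.
    raw_seed = seed if isinstance(seed, bytes) else seed.encode("utf-8")
    counter = 0
    while True:
        digest = hashlib.md5(raw_seed + str(counter).encode("ascii")).hexdigest()
        # Only digests of seed + counter are tested. The earlier version
        # also accepted md5(seed) on its own and then returned "-1",
        # which is not a suffix that produced the matching digest.
        if digest.startswith(prefix):
            break
        counter += 1
    print(digest)
    print(counter)
    return str(counter)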
def doPost(guess, line):
    """Submit one guess for *line* and return the response body.

    Each call fetches a fresh seed with getSeed(), solves its captcha
    with bruteMd5() and posts the form on the session that served the
    seed. *guess* is an integer and is sent as the single character
    chr(guess). The response body is printed before it is returned.
    """
    challenge_seed, http_session = getSeed()
    captcha_answer = bruteMd5(challenge_seed)
    form_fields = {
        "guess": chr(guess),
        "captcha": captcha_answer,
        "line": line,
    }
    response = http_session.post('http://52.196.144.8:8080/', data=form_fields)
    body = response.content
    print(body)
    return body
# Command line: <first byte value to try> <line index>, both integers.
start_num = int(sys.argv[1])
line = int(sys.argv[2])

# Walk the byte values from start_num up to 255 and stop at the first
# response containing 'good'; that response is also dumped as hex.
for candidate in xrange(start_num, 256):
    print(candidate)
    reply = doPost(candidate, line)
    if 'good' not in reply:
        continue
    print('Found')
    print(reply.encode('hex'))
    break