grittyninja/gist:4608b40dc8c91740494db6a28c53c1cc

## gistfile1.txt
#!/usr/bin/env python2
import os
import string
import operator
import commands
charset = "_{}" + string.ascii_letters + string.digits
offset = 24 # true condition - false condition
tmp = ""
cm = ""
def main():
	state = 0
	flag = ""
	while 1:
		detect = 0
		for c in charset:
				tmp = flag + c
				fd = open("guess", "w")
				fd.write(tmp + '\n')
				fd.close()
				commands.getstatusoutput("env -i ./pin -ifeellucky -t source/tools/ManualExamples/obj-intel64/inscount0.so -- ./wirth < guess")
				fd = open("inscount.out", "r")
				count = int(fd.read().split(" ")[1])
				fd.close()
				print '[+] count : ', count, c


				if count - state == -offset:
					flag += cm; detect = 1
					break
				elif count - state == offset:
					flag += c; detect = 1
					break


				state = count
				cm = c
		print "flag:", flag
		if not(detect):
			break


if __name__ == "__main__":
    main()
	#!/usr/bin/env python2
	import os
	import string
	import operator
	import commands
	charset = "_{}" + string.ascii_letters + string.digits
	offset = 24 # true condition - false condition
	tmp = ""
	cm = ""
	def main():
	state = 0
	flag = ""
	while 1:
	detect = 0
	for c in charset:
	tmp = flag + c
	fd = open("guess", "w")
	fd.write(tmp + '\n')
	fd.close()
	commands.getstatusoutput("env -i ./pin -ifeellucky -t source/tools/ManualExamples/obj-intel64/inscount0.so -- ./wirth < guess")
	fd = open("inscount.out", "r")
	count = int(fd.read().split(" ")[1])
	fd.close()
	print '[+] count : ', count, c


	if count - state == -offset:
	flag += cm; detect = 1
	break
	elif count - state == offset:
	flag += c; detect = 1
	break


	state = count
	cm = c
	print "flag:", flag
	if not(detect):
	break





	if __name__ == "__main__":
	main()