from pwn import *
from past.builtins import xrange
from time import *
def execute(command):
    """Send one command line to the gdb session held in the module-global ``io``.

    The line is written only after gdb's ``(gdb) `` prompt has been read from
    the session, so the command is not interleaved with pending gdb output.

    Args:
        command: the gdb command text (without trailing newline).
    """
    prompt = '(gdb) '
    session = io
    session.sendlineafter(prompt, command)
def rerun_process():
    """Restart the debuggee by issuing gdb's ``r`` command on the module-global ``io``.

    Waits for the ``(gdb) `` prompt before sending. Not referenced from the
    script's main block; kept for interactive use.
    """
    run_command = 'r'
    io.sendlineafter('(gdb) ', run_command)
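if __name__ == '__main__':
    # Recover the flag one character at a time. For every candidate byte a
    # fresh gdb session is started on ./gopher, a breakpoint is set at
    # 0x46702a, the known prefix plus the candidate is sent to the program,
    # $rax is overwritten with $rcx at the breakpoint, and the program's
    # next output line is checked for the success banner.
    known_flag = b'nactf{'
    # 0x39 - 0x6: number of characters still to recover; presumably 0x39 is
    # the full flag length and 0x6 is len(b'nactf{') -- taken from the
    # original script, not derived here.
    for _position in range(0x39 - 0x6):
        # Printable ASCII from '!' (0x21) up to '}' (0x7d); '~' is not tried.
        for i in range(0x21, 0x7e):
            candidate = chr(i)
            io = process('/usr/bin/gdb')
            print(i)
            try:
                execute('file ./gopher')
                execute('b *0x46702a')
                execute('r')
                print('c = ', candidate)
                a = known_flag + candidate.encode('ascii')
                print("A = ", a)
                io.sendlineafter('Got a flag for me?\n', a)
                execute('set $rax = $rcx')
                execute('c')
                # One line of output is skipped; the verdict is expected on
                # the line after it (as in the original script).
                io.recvline()
                matched = b'Congratuations, you got it!\n' in io.recvline()
            finally:
                # Always tear down the gdb session, even if the debuggee
                # exits early or the pipe hits EOF, so gdb processes do not
                # leak across the ~90 attempts per position.
                io.close()
            if matched:
                known_flag += candidate.encode('ascii')
                print(known_flag)
                print("OK")
                break
        else:
            # No candidate matched at this position, so the prefix cannot be
            # extended; later positions would only repeat the same failures.
            break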