@khr0x40sh
Last active October 28, 2022 12:59
HTB HacktheBoo whole lotta candy solve script
from pwn import *
import json
import binascii
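# Solve script for HTB HacktheBoo "whole lotta candy".
#
# The service encrypts the flag and then encrypts a plaintext we choose. When
# it runs in CTR mode both encryptions use the same keystream, so the two
# ciphertexts XOR to (known_plaintext ^ flag) and the flag falls out. This is
# exactly why a CTR key/nonce pair must never be used twice.

# Default target: the challenge instance forwarded to localhost.
ip = '127.0.0.1'
port = 1337

# Known plaintext handed to the service. It must be at least as long as the
# flag ciphertext for the whole flag to be recovered (see recover_flag()).
text = "this is a test, repeat, this is a test, this is a test, repeat, this is a test"


def parse_mode(menu):
    """Return the cipher mode announced in ``menu``, or None if it is absent.

    The service prints a line containing ``mode is``; the mode is taken as the
    fourth whitespace-separated token of that line, which matches the
    challenge's banner layout (adjust the index if the wording changes).
    Lines that are too short to hold that token are skipped instead of
    raising IndexError.
    """
    for line in menu.split("\n"):
        if 'mode is' not in line:
            continue
        parts = line.split(' ')
        if len(parts) > 3:
            return parts[3]
    return None


def extract_field(raw, key):
    """Return ``key`` from the first JSON line in ``raw`` that mentions it.

    The service sometimes delivers several lines in one read, so each line is
    tried on its own. Lines that mention ``key`` but are not valid JSON
    objects are skipped.

    Raises:
        RuntimeError: no line in ``raw`` carries ``key``.
    """
    for line in raw.split("\n"):
        if key not in line:
            continue
        try:
            return json.loads(line)[key]
        except (json.JSONDecodeError, KeyError, TypeError):
            continue
    raise RuntimeError(f"no JSON line with {key!r} in: {raw!r}")


def ensure_ctr_mode(r):
    """Drive the menu (option 3) until the service reports CTR mode.

    Raises:
        RuntimeError: the menu text does not announce a mode at all.
    """
    while True:
        # The last menu entry marks the end of the banner.
        menu = r.recvuntil(b"4.Exit").decode()
        print(menu)
        mode = parse_mode(menu)
        if mode is None:
            raise RuntimeError("could not find the current mode in the menu")
        print(mode)
        if "CTR" in mode:
            return
        # Not CTR yet: ask for the mode list and request CTR for every slot.
        sleep(1)
        r.sendline('{"option":"3"}')
        x = r.recvuntil(b"]}")
        print(x.decode())
        sleep(1)
        x = r.recvuntil(b"modes:")
        print(x.decode())
        r.sendline('{"modes": ["CTR", "CTR", "CTR", "CTR", "CTR"]}')
        sleep(1)


def recover_flag(known_pt, known_ct_hex, flag_ct_hex):
    """Recover the flag from two CTR ciphertexts made with the same keystream.

    ``known_ct ^ flag_ct`` cancels the shared keystream and leaves
    ``known_pt ^ flag``; XORing the known plaintext back yields the flag.

    Args:
        known_pt: the plaintext string the service encrypted for us.
        known_ct_hex: its ciphertext, hex-encoded.
        flag_ct_hex: the flag's ciphertext, hex-encoded.

    Returns:
        The recovered flag as bytes, cut to the flag ciphertext's length.
        pwntools' xor() cycles its shorter arguments, so the result is only
        complete when ``known_pt`` is at least as long as the flag ciphertext.
    """
    known_ct = binascii.unhexlify(known_ct_hex.strip())
    flag_ct = binascii.unhexlify(flag_ct_hex.strip())
    if len(known_pt) < len(flag_ct):
        print(f"[!] known plaintext ({len(known_pt)} bytes) is shorter than the "
              f"flag ciphertext ({len(flag_ct)} bytes); the tail will be wrong")
    blob = xor(known_ct, flag_ct)
    return xor(known_pt.encode('utf-8'), blob)[:len(flag_ct)]


def main(host=ip, port=port):
    """Connect to the challenge, force CTR mode, and print the recovered flag.

    Args:
        host: challenge host (defaults to the module-level ``ip``).
        port: challenge port (defaults to the module-level ``port``).

    Returns:
        The recovered flag as bytes.
    """
    r = remote(host, port)
    try:
        ensure_ctr_mode(r)

        # Option 1: the service encrypts the flag. Read up to the end of the
        # JSON object; several lines may arrive in one read.
        sleep(1)
        r.sendline('{"option":"1"}')
        x = r.recvuntil(b"\"}")
        sleep(1)
        print(x.decode())
        flag_ct_hex = extract_field(x.decode(), "ciphertext")

        # The flag is followed by the menu again; consume it.
        x = r.recvuntil(b"4.Exit")
        print(x.decode())

        # Option 2: encrypt our known plaintext under the same keystream.
        # json.dumps builds the payload so the text is always valid JSON.
        r.sendline('{"option":"2"}')
        sleep(0.5)
        x = r.recvuntil(b"plaintext:")
        print(x.decode())
        r.sendline(json.dumps({"plaintext": text}))
        sleep(0.5)
        x = r.recvuntil(b"\"}")
        known_ct_hex = extract_field(x.decode(), "ciphertext")

        final = recover_flag(text, known_ct_hex, flag_ct_hex)
        print(final)
        return final
    finally:
        r.close()


if __name__ == "__main__":
    main()
#HTB{KnOWN_pla1N737x7_a77aCk_l19h75_7H3_wAY_7hroU9H_mANy_Mod3z}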