Last active
October 22, 2017 16:15
-
-
Save pich4ya/065a481a7b10a1101cd5ef96e15f3309 to your computer and use it in GitHub Desktop.
Thailand CTF 2017 Write-up : Pickles (250)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
โจทย์ f.pkl | |
ccopy_reg | |
_reconstructor | |
p0 | |
(c__main__ | |
Foo | |
p1 | |
c__builtin__ | |
object | |
p2 | |
Ntp3 | |
Rp4 | |
(dp5 | |
S'y' | |
p6 | |
S'x\x9c\x1d\x8aA\n\x800\x0c\x04\xbf\xb27/\xe2\x17\xbc\xdagX\x08\xb6X\x8d$)%\xbf7zYf\x87\xd9\xa85\x9e\x91P\xf8!8w\xecB\x18a\x17\xa4\xe9\x82\x89\xd7\xfb\x8012[!\xf9\x93\xec\xe8\xfa\xe9\xc61j\x12\xac\xd1+\xaaa\xb0\x9c\xf1\xd7\x17\x84\xe5\x1f\xad' | |
p7 | |
sS'x' | |
p8 | |
S'x\x9c\x1d\x8aA\n\x800\x0c\x04\xbf\xb2WA|\x80\x17\xaf\xf5\xee\x07J-6\x90\x1aI\x94\xe0\xef\r\xc2\x9cf&Uf\x19\x91\xc4\x91\xb5\xe2\x95g\xc1\x8a\xdc\xb1\x0b\x9d\x07<\xf2\x84\xad\x91!\xc8`\ti\xb7\xfe\xadQiq\xc0\x89\x19E\xfa\xa5\xd5\x0c\xf3\xf0\x01\xb9C\x1c\xdf' | |
p9 | |
sS'z' | |
p10 | |
S'x\x9c\xf3,Q/V\xc8MUHLO\xcc\xcc\xd3S\xf0T(\xcf,\xceP\xa8\xcc/U(\xc9HUHJ-.Q\xc8OS\xc8)M\xce\x06\xca\x94d\x00E3\x8b\x15\x923\x12srR\xf3\xd2S\x15\xac\\\x00\xd5\xb8\x16a' | |
p11 | |
sS'b' | |
p12 | |
S"x\x9c]\x8c1\n\xc30\x10\x04\xbf\xb2\x9d\x1a\xe3\x07\xa4s'H\x9b\x0f\x1c\xd2J\n9\xebDN`\xf2\xfb\x18\x97n\x87\x99\x89T\xb5\x05\xb3\x11\xced=\xa3\x89\x16X\xb9PQ\xa9x;D\xdd\xd0\xc9\xcc\x8ciH\xb6\x0f\xe5\xe4\xe5\xa43P\xf6\xca\x15\x91_\x06\xbf\xcf\x1e\x08Or\xf8\xab1J\xfa\xf8v\xc8/\xfc\x01\xf6d*:" | |
p13 | |
sS'v' | |
p14 | |
S'x\x9c\xf3H\xcd\xc9\xc9\xd7Q\xf0T(O\xcc+IMQ(\xc9W(\x01\n)T\xe6\x97*\x94g$\x96(\x94d\xa4*\xa4\xe5$\xa6+d\x16\xeb)x\xa4\x16\xa5\xaa\x17C\xc42\x8b\x8aK\x142\x12s\xd2\xac\x14\xd4\x1d\x032\x93\xb3sR\x1d]\x12+\xd5\x01\x8e\xf6\x1b\xd9' | |
p15 | |
sb. | |
วิธีแก้ | |
import zlib | |
import pickle | |
class Foo(object): | |
pass | |
fpkl = open('250-PICKLES/f.pkl','r').read() | |
fooObj = pickle.loads(fpkl) | |
# print dir(fooObj) | |
# ['__class__', '__delattr__', '__dict__', '__doc__', '__format__', '__getattribute__', '__hash__', '__init__', '__module__', '__new__', '__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__sizeof__', '__str__', '__subclasshook__', '__weakref__', 'b', 'v', 'x', 'y', 'z'] | |
print zlib.decompress(fooObj.b) | |
print zlib.decompress(fooObj.v) | |
print zlib.decompress(fooObj.x) | |
print zlib.decompress(fooObj.y) | |
print zlib.decompress(fooObj.z) | |
# $ python pickle-pro250.py | |
# Hello, the second half of the flag is also needed to complete the challenge. Here's the second half: 'KeepsTheHacksAway' | |
# Hello, I wanted to tell you what the flag is. Here's the first half: 'APickleADay' | |
# Hello, How are you? I am doing well. This is a long string which we will compress :) | |
# Hello, I hope you are well. I'm trying to bother you by using long strings. Is it working? | |
# It's me again. I wish you the best of luck with this challenge :D | |
Flag: APickleADayKeepsTheHacksAway |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment