Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
import binascii
import socket
import sys
HOST = 'challs.xmas.htsp.ro'
PORT = 1002
# Come up with a way to encode a word into a number, and binary search.
alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
log = open("net.log", "wb")
def send(s, data):
if isinstance(data, str):
data = bytearray(data, 'ascii')
#print(f"Sending {len(data)} bytes: {data}")
s.sendall(data)
log.write(data)
s.sendall(b'\n')
log.write(b'\n')
log.flush()
def recv_until(s, q):
buf = b""
while not buf.endswith(q):
data = s.recv(1)
buf += data
log.write(data)
log.flush()
#print(f"Received: {q}")
return buf.decode("utf-8")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
raw_cmd = "53616e74612773313333374956343230ab0c288b0ae26eaf8adbcf00bddf35fa"
cmd = binascii.unhexlify(raw_cmd)
iv = cmd[:16]
c = cmd[16:]
def xor(b1, b2):
return bytes(a ^ b for a, b in zip(b1, b2))
def prompt():
sys.stdout.write(recv_until(s, b"~$ "))
def run(c):
hexcmd = binascii.hexlify(c)
send(s, hexcmd)
def pad(bs, l):
if len(bs) > l:
raise Exception("Command too long")
# Pad
if len(bs) < l:
diff = l - len(bs)
bs = bs + bytes([diff] * diff)
return bs
def build_cmd(bs):
plain = pad(b"ls", 16)
c2 = xor(plain, iv)
bs = pad(bs, 16)
new_iv = xor(c2, bs)
return new_iv + c
prompt()
while True:
text = input()
ls = build_cmd(bytearray(text, "ascii"))
run(ls)
prompt()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment