NDH 2k10 public wargame, level3

1. '''*********************************
2. |  level3 - brute force cracking   |
3. |               **                 |
4. |  http://wargame.nuitduhack.com/  |
5. |  http://www.nuitduhack.com/      |
6. *********************************'''
7. #!/usr/bin/python
8. import os
9.  
10. target = '/home/level3/crackme'
11. wanted = '2:8vytm&*9|)].l(ol;a'
12. arg = 'a'*20
13. solution_string = ''
14. size = 1024
15.  
16. print "-->Brute force cracking"
17. for char in range(20): # bf one by one
18.  for ascii in range(1, 256): # for all but \0 (ascii)
19.   arg = solution_string + chr(ascii) + 'a'*(19-char)
20.   # beware of bad char :
21.   if arg.find("'") == -1:
22.    # /home/level3/crackme 'all but single quote'
23.    cmd = "%s '%s'"%(target, arg)
24.   else:
25.    # /home/level3/crackme "all but double quote"
26.    cmd = '%s "%s"'%(target, arg)
27.   # reading the output
28.   res = os.popen(cmd).read(size)
29.   # searching for ciphered
30.   pos = res.find('Ciphered:')
31.   # ciphered is 20 bytes length
32.   ciphered = res[pos+10:pos+30]
33.   # check current ciphered char matching with wanted
34.   if ciphered[char] == wanted[char]:
35.    solution_string = ''.join([solution_string, chr(ascii)])
36.    break
37.  print '>%d%%'%(char*5)
38.  
39. # print solution string
40. print "\nSolution string: %s"%solution_string
41. # print string as a list to get unprintable ascii
42. print "Solution ascii: %s"%[solution_string]