- from contextlib import contextmanager
- import socket
- import re
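# Receive data until a certain message is found
def recv_until(socket, message):
    """Read from ``socket`` one byte at a time until ``message`` has arrived.

    Args:
        socket: A connected socket-like object exposing ``recv(n)``. Inside
            this function the name shadows the ``socket`` module.
        message: Text marker to wait for.

    Returns:
        Everything received up to and including ``message``, decoded as text.
        An empty ``message`` returns ``""`` without reading anything.

    Raises:
        ConnectionError: The peer closed the connection before ``message``
            was received.
    """
    marker = message.encode()
    received = bytearray()
    # Work on raw bytes and decode once at the end: decoding each byte on its
    # own fails as soon as the peer sends a multi-byte UTF-8 character.
    # Reading one byte at a time means the marker can only complete at the
    # tail of the buffer, so an endswith() check is sufficient.
    while not received.endswith(marker):
        chunk = socket.recv(1)
        if not chunk:
            # recv() returns b"" once the peer has closed the connection;
            # without this check the loop would spin forever.
            raise ConnectionError(
                "connection closed before {!r} was received".format(message)
            )
        received += chunk
    return received.decode()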
# Lets callers write ``with sock(...) as s`` and have the socket closed for them
@contextmanager
def sock(*args, **kw):
    """Yield a new ``socket.socket`` built from the given arguments.

    The socket is closed when the ``with`` block exits, whether the block
    finishes normally or raises.
    """
    with socket.socket(*args, **kw) as connection:
        yield connection
# Turn a list of numeric strings written in 'base' into the text they spell
def base_to_str(parts, base):
    """Decode ``parts`` into a string, one character per element.

    Args:
        parts: Iterable of strings, each a number written in ``base``.
        base: Radix passed to ``int()`` for every element.

    Returns:
        The characters whose code points are the parsed numbers, joined in
        order. An empty ``parts`` gives ``""``.
    """
    code_points = [int(digits, base) for digits in parts]
    return ''.join(map(chr, code_points))
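# Connect to the challenge service and answer its three base-conversion prompts.
HOST = "2018shell.picoctf.com"
PORT = 1225

with sock(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.connect((HOST, PORT))

    # Everything read from the service is remote-controlled text: each prompt
    # is parsed with a regex and the script fails loudly when the expected
    # shape is missing instead of indexing into an empty match list.

    # Get the first question and convert the binary values to a string and send
    question = recv_until(s, "To make things interesting, you have 30 seconds.\nInput:\n")
    solution = base_to_str(re.findall(r"([01]{8})", question), 2)
    print("found '{:s}' from binary string".format(solution))
    # sendall() keeps writing until the whole answer is out; send() may stop
    # after a partial write and silently truncate the reply.
    s.sendall((solution + "\n").encode())

    # Get the second question and convert the hex values to a string and send
    question = recv_until(s, "as a word.\nInput:\n")
    hex_runs = re.findall(r"the ([0-9a-f]+)", question)
    if not hex_runs:
        raise ValueError("no hexadecimal string found in the second question")
    solution = base_to_str(re.findall(r"([0-9a-f]{2})", hex_runs[0]), 16)
    print("found '{:s}' from hexadecimal string".format(solution))
    s.sendall((solution + "\n").encode())

    # Get the third question and convert the octal values to a string and send
    question = recv_until(s, "as a word.\nInput:\n")
    solution = base_to_str(re.findall(r"([0-7]+)", question), 8)
    print("found '{:s}' from octal string".format(solution))
    s.sendall((solution + "\n").encode())

    # Get the flag
    flagline = recv_until(s, "}")
    # Raw string: "\{" in a normal literal is an invalid escape sequence that
    # newer Python versions warn about.
    flags = re.findall(r"(picoCTF\{.+\})", flagline)
    if not flags:
        raise ValueError("no flag found in the final response")
    flagtext = flags[0]
    print(flagtext)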