captain-woof · January 28, 2021 20:32
diff --git a/picoctf-seed-spring-exploit.py b/picoctf-seed-spring-exploit.py
 #!/usr/bin/python3
 from pwn import *
 from time import time
 import sys
 from random import randint

 if len(sys.argv) != 2:
 	warn("Usage: {} <local|remote>".format(sys.argv[0]))
 	exit(0)
 else:
 	attempt = 0
 	while True:
 		# Attempt no.
 		attempt += 1
 		print("")
 		att = log.progress("Attempt #{}".format(attempt))
 		att.status("Running...")
 		
 		# Init time
 		t0 = int(time())	
 		info("\tInit time:   {} secs".format(t0))
 		
 		# Make the connection
 		context.log_level = 'warn'
 		if sys.argv[1] == "local":
 			p = process('./seed_spring')
 		elif sys.argv[1] == "remote":
 			p = remote('jupiter.challenges.picoctf.org',34558)
 		context.log_level = 'info'
 		
 		# Final time
 		p.recvuntil("Guess the height: ")
 		t1 = int(time())
 		info("\tFinal time:  {} secs".format(t1))
 		
 		# Guess the possible pattern
 		unix_time = str(randint(t0,t1))		
 		info("\tChosen time: {} secs".format(unix_time))
 		context.log_level = 'warn'
 		pattern = process(['./pattern_generator',unix_time]).recvline().decode().strip().split(" ")
 		context.log_level = 'info'
 		
 		# Try to see if chosen pattern is correct		
 		num = pattern.pop(0)
 		send = log.progress("Sending")
 		send.status(str(num))
 		p.sendline(num.encode())
 		resp = p.recvline().decode()
 		if "WRONG" in resp:
 			send.failure("Stopped")
 			att.failure("Wrong pattern guessed")
 			continue
 		else:
 			# Work with the right pattern
 			isFailure = False
 			att.status("Seems to be the right pattern !")
 			guess_no = 1
 			for num in pattern:
 				guess_no += 1
 				p.recvuntil("Guess the height: ")
 				send.status("Input #{}/30 -> [{}]".format(guess_no,num))
 				p.sendline(num.encode())
 				resp = p.recvline().decode().strip()
 				if "WRONG" in resp:
 					send.failure("Stopped")
 					att.failure("Nope, wrong pattern :(")
 					isFailure = True
 					break
 			if not isFailure:
 				att.success("Finally got it!")				
 				send.success("All sent!")
 				flag = p.recvall().decode()
 				print("-"*36)
 				info("GOT FLAG: {}".format(flag))
 				break
	#!/usr/bin/python3
	from pwn import *
	from time import time
	import sys
	from random import randint

	if len(sys.argv) != 2:
	warn("Usage: {} <local\|remote>".format(sys.argv[0]))
	exit(0)
	else:
	attempt = 0
	while True:
	# Attempt no.
	attempt += 1
	print("")
	att = log.progress("Attempt #{}".format(attempt))
	att.status("Running...")

	# Init time
	t0 = int(time())
	info("\tInit time: {} secs".format(t0))

	# Make the connection
	context.log_level = 'warn'
	if sys.argv[1] == "local":
	p = process('./seed_spring')
	elif sys.argv[1] == "remote":
	p = remote('jupiter.challenges.picoctf.org',34558)
	context.log_level = 'info'

	# Final time
	p.recvuntil("Guess the height: ")
	t1 = int(time())
	info("\tFinal time: {} secs".format(t1))

	# Guess the possible pattern
	unix_time = str(randint(t0,t1))
	info("\tChosen time: {} secs".format(unix_time))
	context.log_level = 'warn'
	pattern = process(['./pattern_generator',unix_time]).recvline().decode().strip().split(" ")
	context.log_level = 'info'

	# Try to see if chosen pattern is correct
	num = pattern.pop(0)
	send = log.progress("Sending")
	send.status(str(num))
	p.sendline(num.encode())
	resp = p.recvline().decode()
	if "WRONG" in resp:
	send.failure("Stopped")
	att.failure("Wrong pattern guessed")
	continue
	else:
	# Work with the right pattern
	isFailure = False
	att.status("Seems to be the right pattern !")
	guess_no = 1
	for num in pattern:
	guess_no += 1
	p.recvuntil("Guess the height: ")
	send.status("Input #{}/30 -> [{}]".format(guess_no,num))
	p.sendline(num.encode())
	resp = p.recvline().decode().strip()
	if "WRONG" in resp:
	send.failure("Stopped")
	att.failure("Nope, wrong pattern :(")
	isFailure = True
	break
	if not isFailure:
	att.success("Finally got it!")
	send.success("All sent!")
	flag = p.recvall().decode()
	print("-"*36)
	info("GOT FLAG: {}".format(flag))
	break
No results found