def main():
    """Try to obtain the flag by extending a server-issued token.

    The menu is driven with entries 2 and 1 to receive a ``Token:`` value,
    which is treated as the digest of a secret followed by ``&BALSN_Coin=1``.
    ``hashpumpy.hashpump`` then derives a digest for the same data extended
    with ``&BALSN_Coin=100000000000``.  The secret length is not known, so
    every length from 44 through 54 is tried via menu entry 3.

    Defender's note: this only succeeds if the token is a plain
    Merkle-Damgard hash over ``secret || data`` (presumably the case here).
    An HMAC over the same data cannot be extended this way.

    Exit status is 1 after the flag has been printed and 0 when no candidate
    length was accepted.
    """
    nc = Netcat('140.112.31.96', 10154)

    # Walk the menu until the server prints a token.
    nc.read_until('>')
    nc.write('2\n')
    nc.read_until('>')
    nc.read_until('>')
    nc.write('1\n')
    banner = nc.read_until('>')
    # Token sits between 'Token: ' and the '===' rule; the final character
    # before the rule is dropped.
    token = banner.split('Token: ')[1].split('===')[0][:-1]

    ori_data = '&BALSN_Coin=1'
    app_data = '&BALSN_Coin=100000000000'
    success_marker = 'Here is your flag!'

    reply = ''
    length = 44
    while success_marker not in reply:
        nc.write('3\n')
        nc.read_until('>')
        nc.read_until('>')
        forged = hashpumpy.hashpump(token, ori_data, app_data, length)
        new_digest = forged[0]
        new_message = forged[1]
        # Only the part after the first 'Coin=' is sent, base64-encoded.
        nc.write(base64.b64encode(new_message.split('Coin=', 1)[1]) + '\n')
        nc.read_until('>')
        nc.write(new_digest + '\n')
        reply = nc.read_until('>')
        if success_marker in reply:
            print(reply.split(success_marker)[1][1:].split('\n===')[0])
            exit(1)
        length += 1
        if length > 54:
            break
    exit(0)
def main():
    """Connect to the challenge and submit six uniform four-symbol guesses.

    Every guess is one UTF-8 encoded emoji repeated four times.  The guess
    and the open connection are passed to ``send_guess``, which is defined
    elsewhere in the file.
    """
    nc = Netcat("challenges.ctfd.io", 30035)
    # Consume the banner up to the first prompt; its content is not used.
    nc.read_until(b'>')

    # Two further symbols were noted by the author but are not submitted:
    #   b"\xf0\x9f\x8f\xb4" 🏴   b"\xf0\x9f\x8f\xb3\xef\xb8\x8f" 🏳️
    palette = (
        b"\xf0\x9f\x90\xb0",  # 🐰
        b"\xf0\x9f\x90\x87",  # 🐇
        b"\xf0\x9f\x90\xa3",  # 🐣
        b"\xf0\x9f\x90\xa4",  # 🐤
        b"\xf0\x9f\x90\xa5",  # 🐥
        b"\xf0\x9f\xa5\x9a",  # 🥚
    )
    for symbol in palette:
        send_guess(symbol * 4, nc)
def listen():
    """Ask for a host and port, connect, and send ``new`` then ``set``.

    After each prompt character ``>`` one command is written; the function
    finally waits for the text ``id:``.  Nothing is returned.
    """
    # Prompt strings are runtime text and are kept exactly as written.
    target_ip = raw_input("týrnak icinde ip adresi gir:")
    target_port = raw_input("port gir:")
    # NOTE(review): raw_input returns a string, so the port reaches Netcat
    # unconverted -- confirm that Netcat accepts a string port.
    nc = Netcat(target_ip, target_port)
    for command in ('new', 'set'):
        nc.read_until('>')
        nc.write(command + '\n')
    nc.read_until('id:')
def main():
    """Fetch three (N, c) pairs from the service and save them under ``data/``.

    Each pass opens a fresh connection, takes the text after ``N = `` from
    one read, and splits it at ``c = ``.  The last character of each field
    is dropped (presumably a newline).  The fields are written to
    ``data/ciphertext.<k>`` and ``data/modulus.<k>`` for k = 1..3.
    """
    for sample_no in range(1, 4):
        # NOTE(review): the connection is never closed in this function.
        nc = Netcat('140.112.31.96', 10155)
        after_n = nc.read().split('N = ')[1]
        fields = after_n.split('c = ')
        ciphertext = fields[1][:-1]
        modulus = fields[0][:-1]

        suffix = str(sample_no)
        with open('data/ciphertext.' + suffix, 'w') as out:
            out.write(ciphertext)
        with open('data/modulus.' + suffix, 'w') as out:
            out.write(modulus)
def encrypt(msg):
    """Submit ``msg`` hex-encoded to the remote service and return its answer.

    ``host`` and ``port`` are module-level names defined outside this block.
    Two reads are discarded before the request is sent.  After the answer
    one more read is discarded and ``n`` is written.  The first 12
    characters of the answer are stripped from the return value.

    ``msg.encode('hex')`` is a Python 2 idiom.
    """
    conn = Netcat(host, port)
    for _ in range(2):
        conn.read(1024)
    conn.write(msg.encode('hex') + '\n')
    reply = conn.read(1024)
    conn.read(1024)
    conn.write('n')
    conn.close()
    return reply[12:]
def encrypt2(msg):
    """Line-oriented variant of the encrypt helper.

    Two lines are read and discarded, ``msg`` is sent hex-encoded, and the
    raw ``msg`` is echoed locally.  The next line is stripped and kept as
    the answer.  One more line is discarded before ``n`` plus a newline is
    written and the connection is closed.  The first 12 characters of the
    answer are removed from the return value.

    ``host`` and ``port`` are module-level names defined outside this block.
    """
    conn = Netcat(host, port)
    for _ in range(2):
        conn.read_until('\n')
    conn.write(msg.encode('hex') + '\n')
    print(msg)
    answer = conn.read_until('\n').strip()
    conn.read_until('\n')
    conn.write('n\n')
    conn.close()
    return answer[12:]
def get_map():
    """Build a table from probe strings to the service's encoded replies.

    Probes are every single character with code 33..126 and, for each of
    those, every two-character string whose second character has code
    32..126.  One connection is shared by all probes and each pair is
    printed as it is recorded.
    """
    conn = Netcat('88.99.13.190', 36348)
    table = {}

    def query(text):
        # One line is skipped, the probe is sent behind an 'aa' prefix, and
        # another line is skipped.  The reply line loses its first four
        # characters and its last one.
        conn.read_until('\n')
        conn.write('aa' + text + '\n')
        conn.read_until('\n')
        return conn.read_until('\n')[4:-1]

    def record(text):
        encoded = query(text)
        print(text, encoded)
        table[text] = encoded

    for first in range(33, 127):
        record(chr(first))
        for second in range(32, 127):
            record(chr(first) + chr(second))
    return table
# try to figure out the end out an number if remaining_sum[i - 5:i] == "00000": break last_number = remaining_sum[i] + last_number if (len(remaining_sum) > 37): last_number = remaining_sum[y] + last_number return long(last_number) loop = 0 while (loop < 10): print "LOOP: " + str(loop) if (loop == 0): # connect to the server thrugh netcat lib nc = Netcat('39.96.8.114', 9999) nc.read_until('Please input your number to guess the coeff:') nc.write(str(guess_number) + '\n') data = nc.read_until("It is your time to guess the coeff!") data = data.replace("This is the sum: ", "") data = data.replace("It is your time to guess the coeff!", "") sum = data cof = "" for i in range(0, 120): if long(sum) == 0 or long(sum) == -1: continue last_number = get_last_number(sum) cof = str(last_number) + str(" ") + cof # eliminate last number by subtract it from the sum then divide by guess number
# below is a extract from a sample exploit that
# interfaces with a tcp socket
from netcat import Netcat

# Control bytes of the exchange: the sender opens with ENQ and waits for an
# ACK before and after every frame.
ENQ = '\005'
ACK = '\006'

# Each frame is delimited by STX ('\002') and ETX ('\003').
# The author's note on framing: STX-CR-ETX-CR-LF; bar code is sample id.
# No credential or integrity step appears anywhere in this excerpt.
FRAMES = (
    '\002D1UpocH-100i^02318729^ 201710230 IJA31600000005900473001160036900780202452031400457107261*0000*000000430*0000*00000385001380009800095001670\003',
    '\002D20102050504020000072C6164370D01010304070808060505050607070707070605040303020101000001000000000000000008100B040101010203060B182D485D64563D25130A0604030303030303030303020201010100000000000000000000000000D304091A3857645E4F3E2D2117100B08050403030203030303040404040506080A0B0C1015171D272E060E0E3104310117JINO \003',
)

# start a new Netcat() instance
nc = Netcat('127.0.0.1', 5150)

nc.write(ENQ)
for frame in FRAMES:
    nc.read_until(ACK)
    nc.write(frame)
nc.read_until(ACK)

# [EOT] -- the excerpt stops here, before any EOT byte is written.
# Forged message: the server's prompt text, a 0x01 byte, then the prompt
# text again.  Line breaks inside the literal follow the 16-byte blocks
# listed in `md` below.
welcome = b'''\
If you provide a message (besides this one) with
a valid message authentication code, I will give
you the flag.\x01\
If you provide a message (besides this one) with
a valid message authentication code, I will give
you the flag.'''
# md[0] is a 16-byte block whose last byte is 7; md[1:] are the seven
# 16-byte blocks of the prompt text with a trailing 0x01 byte.
# NOTE(review): md[0] looks like a block-count prefix -- confirm against the
# server's MAC construction.
md = [
    b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07',
    b'If you provide a', b' message (beside', b's this one) with',
    b'\na valid message', b' authentication ', b'code, I will giv',
    b'e\nyou the flag.\x01'
]
nc = Netcat('54.159.113.26', 19002)
# The first reply (up to ': ') is echoed.  The first 64 hex characters of
# the second reply are decoded to 32 bytes.
print('[+] ' + nc.read_until(b': ').decode('utf-8'))
mac = nc.read_until(b': ').decode('utf-8')
mac = binascii.unhexlify(mac[:64])
# The 32 bytes are split into two 16-byte halves.
# NOTE(review): presumably IV followed by tag -- confirm against the server.
ivd = mac[:16]
t = mac[16:]
BLOCK_SIZE = 16
m = welcome
# `split`, `strxor` and `long_to_bytes` are defined or imported outside this
# excerpt.
m = split(m, BLOCK_SIZE)
# Block 6 is replaced with tag XOR md[0] XOR ivd.
m[6] = strxor(t, strxor(md[0], ivd))
# The IV to submit is a 16-byte encoding of 14, XORed with md[0] and ivd.
# NOTE(review): 14 is presumably the block count of the forged message --
# confirm.  The forgery relies on the sender being allowed to choose the IV.
iv = strxor(long_to_bytes(14, BLOCK_SIZE), strxor(md[0], ivd))
# Hex-encode the blocks back into one string.
m_united = b''
for mi in m:
    #print(mi)
    m_united = m_united + binascii.hexlify(mi)
#coding:utf-8 import datetime from cassandra.cluster import Cluster from kafka import KafkaConsumer,TopicPartition from netcat import Netcat import conf cluster = Cluster(conf.ca_host,conf.ca_port) session = cluster.connect() session.set_keyspace(conf.ca_keyspace) nc = Netcat(conf.flume_krsk_avaya['host'],conf.flume_krsk_avaya['port']) def logpar(log): """Разбор строки лога""" data = {} st = log.split(",") duration_str = st[1].split(":") h = int(duration_str[0],10) m = int(duration_str[1],10) s = int(duration_str[2],10) sec = datetime.timedelta(hours=h, minutes=m, seconds=s)
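# (excerpt opens on the last line of a read method whose header is not shown)
        return self.socket.recv(length)

    def read_until(self, data):
        """Read from the socket until ``data`` is in the buffer.

        Returns everything up to and including the first occurrence of
        ``data``; bytes after it stay buffered for the next call.

        If the peer closes the connection before ``data`` arrives, the
        buffered remainder (possibly empty) is returned and the buffer is
        cleared.  Without that check ``recv`` would keep returning an empty
        value and the loop would spin forever.
        """
        while data not in self.buff:
            chunk = self.socket.recv(1024)
            if not chunk:
                # End of stream: hand back what is left instead of looping.
                leftover = self.buff
                self.buff = self.buff[:0]
                return leftover
            self.buff += chunk

        end = self.buff.find(data) + len(data)
        rval = self.buff[:end]
        self.buff = self.buff[end:]
        return rval

    def write(self, data):
        """Send all of ``data``.

        ``sendall`` is used because ``send`` may transmit only part of the
        payload and reports the shortfall through a return value that was
        being ignored.
        """
        self.socket.sendall(data)

    def close(self):
        """Close the underlying socket."""
        self.socket.close()


if __name__ == '__main__':
    nc = Netcat('2018shell1.picoctf.com', 24039)
    # The service is expected to answer with exactly three lines, each of
    # the form "<label>: <value>"; only the values are kept.
    c, n, e = nc.read().strip().split('\n')
    c = c[c.index(': ') + 2:]
    n = n[n.index(': ') + 2:]
    e = e[e.index(': ') + 2:]
    print(c, n, e)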
assert len(bin(x)[2:]) <= n X = bin(x)[2:].zfill(n) f_ax = g for i in range(1, n): f_ax *= pow(g, a[i] * int(X[i]), p) return f_ax % p ''' Ok, this problem had a netcat interface and I wasn't very happy. However, the PRF was short and easy to read; the first idea was to send some Xs with only one 1 and the rest 0s, in order to get a[i] by solving a discrete log. The idea wasn't bad, but the server required the inputs to be at least 2^64; so I took the opposite approach and asked for Xs with all ones but one 0 in the needed. The discrete log wasn't hard, because g always had an order of ~200. ''' nc = Netcat('167.71.62.250', 23549) # read PoW request print(nc.read()) # send PoW pwd = input("Inserisci la pass") nc.write(pwd + '\n') # read parameters header = nc.read_until('[Q]uit') print(header) nums = re.findall(r"\(p, g\) = \((.*?), (.*?)\)", header) N = int(re.findall(r"for n = (\d*)", header)[0]) p = int(nums[0][0], 16)
random_word = random.choice(list_to_minimize) print("Random Word Is: " + random_word) nnc.write(bytes(random_word, 'utf-8')) output = nc.read() try: c = int(output) step = [] for word in list_to_minimize: if check_if_word_is_possible(random_word, word, c) and word != last: step.append(word) print(step.__len__()) minimize_list(step, nnc, word) except: print(output) wordsListFile = open(r"C:\Users\97254\Desktop\CheckPoint\words.txt", "r") lst = wordsListFile.readlines() finalList = [word.strip() for word in lst] nc = Netcat("tricky-guess.csa-challenge.com", 2222) print(nc.read(10000)) print(nc.read()) minimize_list(lst, nc, "")
# below is a extract from a sample exploit that # interfaces with a tcp socket from netcat import Netcat import re import time r = re.compile(r'^[0-9]+$') # start a new Netcat() instance nc = Netcat('35.157.111.68', 10145) def wait(n): time.sleep(n) # get to the prompt #nc.read_until('>') while 1: if 1 == 2: break wait(.5) ncString1 = nc.read() print(ncString1) wait(.5) ncString2 = ncString1.decode("utf-8") # wait(.5) num = re.sub(r'\D', "", ncString2) #wait(.5) num2 = str.encode(num)
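#coding:utf-8
import sys
import datetime
from cassandra.cluster import Cluster
from netcat import Netcat
import conf

# Importing this module has side effects: it connects to the Cassandra
# cluster named in `conf`, selects the keyspace, and opens a Netcat
# connection to the host/port stored in conf.flume_krsk_g700.
cluster = Cluster(conf.ca_host, conf.ca_port)
session = cluster.connect()
session.set_keyspace(conf.ca_keyspace)
nc = Netcat(conf.flume_krsk_g700['host'], conf.flume_krsk_g700['port'])
h4 = datetime.timedelta(hours=4)


def isInt(s):
    """Return True when ``int(s)`` succeeds, otherwise False.

    Only the conversion errors are caught.  A bare ``except`` would also
    swallow KeyboardInterrupt and SystemExit and make the process hard to
    stop while it parses logs.
    """
    try:
        int(s)
    except (TypeError, ValueError, OverflowError):
        return False
    return True


def logpar(st):
    """Parse one log line."""
    data = {}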
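import datetime
import time
import sys
from cassandra.cluster import Cluster
from netcat import Netcat
import conf

# Importing this module has side effects: it connects to the Cassandra
# cluster named in `conf`, selects the keyspace, and opens a Netcat
# connection to the host/port stored in conf.flume_chi_definity.
cluster = Cluster(conf.ca_host, conf.ca_port)
session = cluster.connect()
session.set_keyspace(conf.ca_keyspace)
nc = Netcat(conf.flume_chi_definity['host'], conf.flume_chi_definity['port'])
h4 = datetime.timedelta(hours=4)


def isInt(s):
    """Return True when ``int(s)`` succeeds, otherwise False.

    Only the conversion errors are caught.  A bare ``except`` would also
    swallow KeyboardInterrupt and SystemExit and make the process hard to
    stop while it parses logs.
    """
    try:
        int(s)
    except (TypeError, ValueError, OverflowError):
        return False
    return True


def logpar(log):
    """Parse one log line."""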
from netcat import Netcat

# Connect to port 23 of the device.
nc = Netcat('192.168.10.211', 23)

# Skip everything up to and including the word "Checksum", then print
# whatever the next read returns.
nc.read_until('Checksum')
output = nc.read()
print(output)
def play():
    """Connect to the challenge, wait for the first prompt, and play three rounds.

    ``round`` is called with the connection as its only argument.
    NOTE(review): this is presumably a project helper that shadows the
    builtin of the same name -- confirm.
    """
    nc = Netcat("challenges.ctfd.io", 30035)
    # The banner up to the first '>' is read and discarded.
    nc.read_until(b'>')
    for _ in range(3):
        round(nc)
██ ██ ██ ██ ██ ██ ██ ████ ███████ ██ ██ ██████ ██████ ██████ A Partner box Debuger Made by ibaraky https://github.com/ibarkay example : python3 31337.py -h 192.168.1.60 """) fily = open('31337.txt', 'r').readlines() until = 'Success' try: HOST = sys.argv[sys.argv.index("-h") + 1] #HOST = "192.168.1.60" except: print("Please insert host with -h , example : -h 192.168.1.60") PORT = 31337 nc = Netcat(HOST, PORT) COMMANDS = [x.replace('\n', '') for x in fily] COMMANDS = [ast.literal_eval(x) for x in COMMANDS] #print(COMMANDS) listCmds = [] run = True def list_cmds(): if len(listCmds) == 0: for i in COMMANDS: listCmds.append(i[0]) else: pass
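#!/usr/bin/python
#coding:utf-8
import datetime
from cassandra.cluster import Cluster
from kafka import KafkaConsumer, TopicPartition
from netcat import Netcat
import conf

# Importing this module has side effects: it connects to the Cassandra
# cluster named in `conf`, selects the keyspace, and opens a Netcat
# connection to the host/port stored in conf.flume_krsk_asterisk.
cluster = Cluster(conf.ca_host, conf.ca_port)
session = cluster.connect()
session.set_keyspace(conf.ca_keyspace)
nc = Netcat(conf.flume_krsk_asterisk['host'], conf.flume_krsk_asterisk['port'])


def isInt(s):
    """Return True when ``int(s)`` succeeds, otherwise False.

    Only the conversion errors are caught.  A bare ``except`` would also
    swallow KeyboardInterrupt and SystemExit and make the process hard to
    stop while it parses logs.
    """
    try:
        int(s)
    except (TypeError, ValueError, OverflowError):
        return False
    return True


def logpar(log):
    """Parse one log line."""
    data = {}
    # Double quotes are stripped before the line is split on commas.
    log = log.replace("\"", "").split(",")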
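import datetime
import time
import sys
from cassandra.cluster import Cluster
from netcat import Netcat
import conf

# Importing this module has side effects: it connects to the Cassandra
# cluster named in `conf`, selects the keyspace, and opens a Netcat
# connection to the host/port stored in conf.flume_chi_asterisk.
cluster = Cluster(conf.ca_host, conf.ca_port)
session = cluster.connect()
session.set_keyspace(conf.ca_keyspace)
nc = Netcat(conf.flume_chi_asterisk['host'], conf.flume_chi_asterisk['port'])
h4 = datetime.timedelta(hours=4)


def isInt(s):
    """Return True when ``int(s)`` succeeds, otherwise False.

    Only the conversion errors are caught.  A bare ``except`` would also
    swallow KeyboardInterrupt and SystemExit and make the process hard to
    stop while it parses logs.
    """
    try:
        int(s)
    except (TypeError, ValueError, OverflowError):
        return False
    return True


def logpar(log):
    """Parse one log line."""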
import numpy as np
import collections
import heapq
from netcat import Netcat

# The connection is opened as soon as the module is imported.
nc = Netcat('52.49.91.111', 2003)


class Queue:
    """First-in, first-out queue backed by ``collections.deque``."""

    def __init__(self):
        self.elements = collections.deque()

    def empty(self):
        """Return True when nothing is queued."""
        return not self.elements

    def put(self, x):
        """Append ``x`` at the back."""
        self.elements.append(x)

    def get(self):
        """Remove and return the item at the front."""
        return self.elements.popleft()


class PriorityQueue:
    """Binary-heap queue of ``(priority, item)`` pairs.

    Only the methods visible in this excerpt are shown.
    """

    def __init__(self):
        self.elements = []

    def empty(self):
        """Return True when nothing is queued."""
        return not self.elements

    def put(self, item, priority):
        """Push ``item`` with the given ``priority``."""
        entry = (priority, item)
        heapq.heappush(self.elements, entry)
# (excerpt opens inside the step loop of a function whose header is not shown)
        print('Journey, step:' + str(i))
        # wait for the promt
        nc.read_until(b'>')


def fight_dragon():
    """Send menu entry ``2`` 3700 times, waiting for the prompt after each.

    Uses the module-level ``nc`` connection, which is created further down
    and must exist by the time this function is called.
    """
    for step in range(3700):
        nc.write('2\n')
        print('Dragon, step:' + str(step))
        # wait for the promt
        nc.read_until(b'>')


# start a new Netcat() instance
# (`host` and `port` are defined outside this excerpt)
nc = Netcat(host, port)
print('Connected')

# get to the prompt
nc.read_until('>')
print("Got prompt")

# buy a sword
buy_item_in_shop(1)
print('Bought a sword')

# complete a journey to earn money for more powerful weapon
complete_journey()
print('Completed the journey')

# buy a missle launcer
buy_item_in_shop(4)
print('Bought a missle launcher')
import string
import sys
import time
from netcat import Netcat

# This could def be more automated buuuuuut no.
# Candidates are tried in batches of up to 20 characters taken from
# string.printable[0:95]; each batch uses a fresh connection.
# NOTE(review): the page lost the file's line structure, so the nesting of
# `splitn` and of the final split inside the loop is reconstructed.
for z in range(0, 95, 20):
    nc = Netcat('2018shell1.picoctf.com', 31123)
    nc.read()  # Hello
    nc.read()  # enter report
    # Padding placed before and after the candidate blocks.
    # NOTE(review): presumably sized so the candidates fall on 16-byte block
    # boundaries -- confirm against the service's message layout.
    wrap_start = 'z' * 11 + 'a' * 16
    wrap_end = 'a' * (16 + 11) + '\n'
    # picoCTF{@g3nt6_1$_th3_c00l3$t_3355197}
    # Each candidate is the 15 known trailing characters plus one guess,
    # 16 characters in all.  '_' is always included as the first guess.
    inputs = [
        'c00l3$t_3355197' + y
        for y in ['_'] + list(string.printable[z:min(z + 20, 95)])
    ]
    nc.write(wrap_start + ''.join(inputs) + wrap_end)
    resp = nc.read()  # output

    def splitn(line, n=32):
        """Cut ``line`` into consecutive pieces of ``n`` characters."""
        return [line[i:i + n] for i in range(0, len(line), n)]

    # split on the 'a' * 16
    # print('\n'.join(splitn(resp)))
    # The 32-hex-digit marker must occur exactly twice in the reply, else
    # the three-way unpack raises ValueError.
    # Defender's note: the lookup depends on equal 16-byte plaintext blocks
    # producing equal ciphertext blocks.
    prefix, queries, postfix = resp.split('99908ad37adef3fb5a94680c5a64c6ca')