def encrypt(msg):
nc = Netcat(host, port)
nc.read(1024)
nc.read(1024)
nc.write(msg.encode('hex') + '\n')
data = nc.read(1024)
nc.read(1024)
nc.write('n')
nc.close()
# print block(data[12:])
return data[12:]
def main():
for i in range(3):
nc = Netcat('140.112.31.96', 10155)
N = nc.read().split('N = ')[1]
c = N.split('c = ')[1][:-1]
N = N.split('c = ')[0][:-1]
with open('data/ciphertext.' + str(i + 1), 'w') as W:
W.write(c)
with open('data/modulus.' + str(i + 1), 'w') as W:
W.write(N)
from netcat import Netcat
# start a new Netcat() instance
nc = Netcat('192.168.10.211', 23)
nc.read_until('Checksum')
output = nc.read()
print output
return long(last_number)
loop = 0
while (loop < 10):
print "LOOP: " + str(loop)
if (loop == 0):
# connect to the server thrugh netcat lib
nc = Netcat('39.96.8.114', 9999)
nc.read_until('Please input your number to guess the coeff:')
nc.write(str(guess_number) + '\n')
data = nc.read_until("It is your time to guess the coeff!")
data = data.replace("This is the sum: ", "")
data = data.replace("It is your time to guess the coeff!", "")
sum = data
cof = ""
for i in range(0, 120):
if long(sum) == 0 or long(sum) == -1:
continue
last_number = get_last_number(sum)
cof = str(last_number) + str(" ") + cof
# eliminate last number by subtract it from the sum then divide by guess number
sum = str(long(long(sum) - long(last_number)) / long(guess_number))
print cof
nc.write(cof + "\n")
print nc.read(100)
loop = loop + 1
for i in range(1, n):
f_ax *= pow(g, a[i] * int(X[i]), p)
return f_ax % p
'''
Ok, this problem had a netcat interface and I wasn't very happy.
However, the PRF was short and easy to read; the first idea was to send some Xs with only one 1 and the rest 0s, in order to get a[i] by solving a discrete log.
The idea wasn't bad, but the server required the inputs to be at least 2^64; so I took the opposite approach and asked for Xs with all ones but one 0 in the needed.
The discrete log wasn't hard, because g always had an order of ~200.
'''
nc = Netcat('167.71.62.250', 23549)
# read PoW request
print(nc.read())
# send PoW
pwd = input("Inserisci la pass")
nc.write(pwd + '\n')
# read parameters
header = nc.read_until('[Q]uit')
print(header)
nums = re.findall(r"\(p, g\) = \((.*?), (.*?)\)", header)
N = int(re.findall(r"for n = (\d*)", header)[0])
p = int(nums[0][0], 16)
g = int(nums[0][1], 16)
print(p, g)
random_word = random.choice(list_to_minimize)
print("Random Word Is: " + random_word)
nnc.write(bytes(random_word, 'utf-8'))
output = nc.read()
try:
c = int(output)
step = []
for word in list_to_minimize:
if check_if_word_is_possible(random_word, word,
c) and word != last:
step.append(word)
print(step.__len__())
minimize_list(step, nnc, word)
except:
print(output)
wordsListFile = open(r"C:\Users\97254\Desktop\CheckPoint\words.txt", "r")
lst = wordsListFile.readlines()
finalList = [word.strip() for word in lst]
nc = Netcat("tricky-guess.csa-challenge.com", 2222)
print(nc.read(10000))
print(nc.read())
minimize_list(lst, nc, "")
nc = Netcat('35.157.111.68', 10145)
def wait(n):
time.sleep(n)
# get to the prompt
#nc.read_until('>')
while 1:
if 1 == 2:
break
wait(.5)
ncString1 = nc.read()
print(ncString1)
wait(.5)
ncString2 = ncString1.decode("utf-8")
# wait(.5)
num = re.sub(r'\D', "", ncString2)
#wait(.5)
num2 = str.encode(num)
#wait(.5)
nc.write(num2)
print(num2)
wait(.5)
nc.read()
'''
filter(r.match, out)
out2 = out.decode("utf-8")
# start a new Netcat() instance
nc = Netcat(host, port)
print 'Connected'
# get to the prompt
nc.read_until('>')
print "Got prompt"
# buy a sword
buy_item_in_shop(1)
print 'Bought a sword'
# complete a journey to earn money for more powerful weapon
complete_journey()
print 'Completed the journey'
# buy a missle launcer
buy_item_in_shop(4)
print 'Bought a missle launcher'
fight_dragon()
# check status
try:
nc.write('2\n')
print nc.read_until(b'Weapon level')
buy_item_in_shop(5)
nc.write('1' + '\n')
print nc.read(4096)
except:
print 'Exception occured'
print 'Got the flag!!!'
return self.socket.recv(length)
def read_until(self, data):
""" Read data into the buffer until we have data """
while not data in self.buff:
self.buff += self.socket.recv(1024)
pos = self.buff.find(data)
rval = self.buff[:pos + len(data)]
self.buff = self.buff[pos + len(data):]
return rval
def write(self, data):
self.socket.send(data)
def close(self):
self.socket.close()
if __name__ == '__main__':
nc = Netcat('2018shell1.picoctf.com', 24039)
c, n, e = nc.read().strip().split('\n')
c = c[c.index(': ') + 2:]
n = n[n.index(': ') + 2:]
e = e[e.index(': ') + 2:]
print(c, n, e)
mac = binascii.unhexlify(mac[:64])
ivd = mac[:16]
t = mac[16:]
BLOCK_SIZE = 16
m = welcome
m = split(m, BLOCK_SIZE)
m[6] = strxor(t, strxor(md[0], ivd))
iv = strxor(long_to_bytes(14, BLOCK_SIZE), strxor(md[0], ivd))
m_united = b''
for mi in m:
#print(mi)
m_united = m_united + binascii.hexlify(mi)
assert len(binascii.unhexlify(binascii.hexlify(iv + t))) == 32
nc.write(m_united + b'\n')
print('[+] ' + nc.read_until(b': ').decode('utf-8'))
nc.write(binascii.hexlify(iv + t) + b'\n')
sleep(1)
flag = nc.read()
print('[+] ' + flag.decode('utf-8'))
# '''
m = pad(binascii.unhexlify(m_united), BLOCK_SIZE)
m = split(m, BLOCK_SIZE)
m.insert(0, long_to_bytes(len(m), BLOCK_SIZE))
assert strxor(m[0], iv) == strxor(md[0], ivd)
assert strxor(m[7], t) == strxor(ivd, md[0])
assert m[-1] == md[-1]
print(m)
# '''
import string
import sys
import time
from netcat import Netcat
# This could def be more automated buuuuuut no.
for z in range(0, 95, 20):
nc = Netcat('2018shell1.picoctf.com', 31123)
nc.read() # Hello
nc.read() # enter report
wrap_start = 'z' * 11 + 'a' * 16
wrap_end = 'a' * (16 + 11) + '\n'
# picoCTF{@g3nt6_1$_th3_c00l3$t_3355197}
inputs = [
'c00l3$t_3355197' + y
for y in ['_'] + list(string.printable[z:min(z + 20, 95)])
]
nc.write(wrap_start + ''.join(inputs) + wrap_end)
resp = nc.read() # output
def splitn(line, n=32):
return [line[i:i + n] for i in range(0, len(line), n)]
# split on the 'a' * 16
# print('\n'.join(splitn(resp)))
prefix, queries, postfix = resp.split('99908ad37adef3fb5a94680c5a64c6ca')
