
@DoMINAToR98
Created June 8, 2019 08:45
from pwn import * #Using pwntools for connecting
import re
import textwrap
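# Recover a secret one character at a time from a remote service that first
# prints an encoded copy of the secret and then encodes whatever text it is sent.
#
# The comparison in the main loop only works if the service's output at a given
# offset depends on nothing but the input up to that character (presumably a
# deterministic, position-wise encoding -- confirm against the service source).
# A scheme with that property gives up the secret to anyone who can submit
# chosen input, at a cost of at most len(CANDIDATES) queries per character.
#
# NOTE(review): the loop nesting is reconstructed -- the published listing had
# lost its indentation; the if-body is assumed to hold all four statements.

# Characters tried at each position of the secret.
CANDIDATES = "abcdefghijklmnopqrstuvwxyz1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ!?_"

# Output characters compared per input character.
STEP = 2


def _as_text(raw):
    """Return a received line as text (pwntools yields bytes on Python 3)."""
    if not isinstance(raw, str):
        raw = raw.decode('latin-1')
    return raw


def _field(line):
    """Return the text after the first ': ' on *line*.

    Raises ValueError when the line has no such field, so an unexpected
    response is reported instead of surfacing as a bare IndexError.
    """
    found = re.findall(": (.*)", _as_text(line))
    if not found:
        raise ValueError("unexpected response from service: %r" % (line,))
    return str(found[0])


conn = remote('crypto.hsctf.com', 8111)
try:
    # Discard the three lines the service sends before the encoded secret.
    for _ in range(3):
        conn.recvline()
    s = _as_text(conn.recvline())
    print(s)
    data = _field(s)  # encoded secret, used as the reference for every guess

    flag = "hsctf{"
    j = 12  # offset of the first unknown position: len("hsctf{") * STEP
    # 106 is presumably the length of the encoded secret; 12 covers the known
    # prefix and 2 the closing brace -- TODO confirm. Floor division keeps the
    # count an int on both Python 2 and 3.
    for k in range((106 - 12 - 2) // STEP):
        if len(data[j:j + STEP]) < STEP:
            # Past the end of the reference both slices are empty and compare
            # equal, which would accept the first candidate unconditionally.
            print("reference exhausted at offset %d; stopping early" % j)
            break
        for i in CANDIDATES:
            conn.recvline()
            conn.sendline(flag + i)  # known prefix + one guessed character
            conn.recvline()
            new = _field(conn.recvline())
            if data[j:j + STEP] == new[j:j + STEP]:
                flag = flag + i
                j = j + STEP
                print(flag)
                break
        else:
            # No candidate matched; repeating the same queries on the next
            # round would only send another len(CANDIDATES) requests.
            print("no candidate matched at offset %d; stopping early" % j)
            break
    print(flag + "}")
finally:
    # Release the socket even when the service answers unexpectedly.
    conn.close()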

macghaw commented Jun 16, 2023

dude how to use this ?
