Created August 26, 2016 16:19
IceCTF A Strong Feeling Solution
#!/usr/bin/env python2
"""
Angr would probably be the nice way to solve this. Oh well.
Brute force worked for me.

Trying different inputs, it seems the length doesn't matter.
The output changes depending on how many characters at the beginning match the key.
Brute force possible keys watching for output changes (to know when we got the right letter)

duck@computer:~/Downloads$ python solve_a_strong_feeling.py
Leapfrog tcp buffer linux Leslie Lamport int L0phtCrack snarf headers bang.
I
Suitably small values machine code bypass infinite loop sudo lib.
Ic
Snarf foad mainframe firewall ifdef all your base are belong to us.
Ice
Segfault daemon pwned ack highjack eaten by a grue then linux stack hello world bang gcc do int hexadecimal.
IceC
"""

from subprocess import Popen, PIPE
import string


def try_flag(s):
    # Run the challenge binary once, feed it the candidate on stdin,
    # and return whatever it prints.
    process = Popen(["./a_strong_feeling"], stdout=PIPE, stdin=PIPE)
    (output, err) = process.communicate(s + "\n")
    # exit_code = process.wait()
    return output


flag = ""
while True:
    # Start by guessing "." and assume that we are wrong.
    last = try_flag(flag + ".")
    for s in string.printable:
        out = try_flag(flag + s)
        if out != last:
            # The output changed, so this character extends the matching prefix.
            flag += s
            print out
            print flag
            break
    else:
        # No character changed the output: nothing left to recover, so stop
        # instead of looping forever.
        break
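Why the brute force above is cheap, as an added example (Python 3, not part of the original gist and not the challenge binary): a constructed checker whose response depends on the matched prefix length, beside a whole-input check that returns one pass/fail answer. `SECRET`, `ALPHABET`, `leaky_check`, `hardened_check` and `recover` are hypothetical names, and `recover` assumes the secret never contains a NUL byte.

```python
import hmac
import string

SECRET = "Ice{demo}"  # constructed sample secret, not the real flag
ALPHABET = string.ascii_letters + string.digits + "{}_"

def leaky_check(guess):
    """Response depends on how many leading characters match (the behaviour
    the docstring above describes), so positions can be tested one by one."""
    matched = 0
    for g, s in zip(guess, SECRET):
        if g != s:
            break
        matched += 1
    return "message #%d" % matched

def hardened_check(guess):
    """One pass/fail answer over the whole input; compare_digest also keeps
    the comparison time independent of where the first mismatch is."""
    ok = hmac.compare_digest(guess.encode(), SECRET.encode())
    return "ok" if ok else "wrong"

def recover(oracle, max_len=32):
    """Prefix-by-prefix search with a query counter and a stop condition."""
    found, queries = "", 0
    while len(found) < max_len:
        baseline = oracle(found + "\x00")  # assumed never a correct character
        queries += 1
        for c in ALPHABET:
            queries += 1
            if oracle(found + c) != baseline:
                found += c  # response changed: prefix grew by one character
                break
        else:
            break  # nothing changed the response: no further signal
    return found, queries

if __name__ == "__main__":
    print(recover(leaky_check))     # full secret in a few hundred queries
    print(recover(hardened_check))  # nothing recovered, one pass over ALPHABET
    print(len(ALPHABET) ** len(SECRET))  # candidates without the prefix signal
```

Against the leaky check the work grows with length times alphabet size; against the whole-input check the same loop learns nothing, leaving only the exponential search printed on the last line.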