Created
November 16, 2019 01:09
| import re | |
| import socket | |
| import subprocess | |
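# Connect to the challenge service and read its opening banner.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("ctfchallenges.ritsec.club", 8080))
data = s.recv(1024)
# recv() returns bytes, so comparing against the str "" could never match;
# an empty read means the peer closed the connection.
if not data:
    s.close()
    raise SystemExit(1)

# The second-to-last line of the banner names the candidate wordlists.
files = data.decode().split('\n')[-2]
# NOTE(review): assumes the hash arrives in its own recv(); TCP does not
# preserve message boundaries, so a larger banner could be split -- confirm.
hash = s.recv(1024).decode()
print("Received:", files, '\n', hash)

# Drop the fixed sentence prefix, then split the "a, b or c" list of names.
start = len("However... We have a theory that the passwords might come from ")
# These names are chosen by the remote service and are later used as local
# wordlist paths, so treat them as untrusted input.
filenames = re.split(', | or ', files[start:])
print(filenames)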
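def crack(hash):
    """Try each server-named wordlist against *hash* and send back the result.

    The hash is written to ``hash.txt``, ``john`` is run once per entry in the
    module-level ``filenames``, and ``john --show`` is checked after each run.
    On the first success the recovered value is sent over the socket ``s`` and
    the function returns. If every wordlist fails, the socket is closed and
    the process exits with status 1.

    Args:
        hash: The hash to crack, as ``str`` or as raw ``bytes`` from ``recv``.
    """
    # The main loop passes raw bytes from recv(); the file is opened in text
    # mode, so writing bytes would raise TypeError. Accept both forms.
    if isinstance(hash, bytes):
        hash = hash.decode()
    with open("hash.txt", 'w') as fd:
        fd.write(hash)

    for file in filenames:
        print("trying file", file)
        # NOTE(review): `file` comes from the remote service. It is passed as
        # a single argv element (no shell), but it is still used as a local
        # path without validation -- consider restricting it to an expected
        # set of wordlist names.
        print(subprocess.run(["john", "--wordlist=" + file, "hash.txt"]))
        shown = subprocess.run(
            ["john", "--show", "hash.txt"], stdout=subprocess.PIPE
        ).stdout
        if '0 password hashes cracked' in shown.decode():
            print("failure:", shown)
            continue
        # Skip the first two bytes of the output and keep the first line.
        # NOTE(review): presumably this strips a "?:" label -- confirm.
        pw = shown[2:].split(b'\n')[0]
        print("success:", pw)
        s.sendall(pw + b'\n')
        return

    print("all files failed :(")
    s.close()
    raise SystemExit(1)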
# Solve rounds until recv() returns nothing, i.e. the peer has closed.
while True:
    crack(hash)
    hash = s.recv(1024)
    if hash:
        print(hash)
    else:
        break

print("Connection closed.")
s.close()