Created
August 18, 2014 06:38
-
-
Save miaoski/24b4aec21e989663d314 to your computer and use it in GitHub Desktop.
HITCON2014 Finger
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| import re | |
| import pexpect | |
| import sys | |
| FILLER = '11111111111' | |
| def fillme(text): | |
| x = 16 - len(text) | |
| return text + '1'*x | |
| def _md5(text): | |
| return int(hashlib.md5( fillme(text) ).hexdigest().lower(), 16) | |
| # p = pexpect.spawn('ruby finger-9312e72601ff37116dd1e201e9508dbb.rb') | |
| p = pexpect.spawn('tsocks nc 210.71.253.236 7171') | |
| p.setecho(True) | |
| p.logfile = sys.stdout | |
| while True: | |
| idx = p.expect(['hands', 'how many', 'the magic', 'here is mine', 'show me the']) | |
| if idx == 0: | |
| x = p.readline() | |
| hands = re.findall(r"\"[0-9a-z]+\"", x) | |
| hands = [s.strip('"') for s in hands] | |
| hands_md5 = map(_md5, hands) | |
| #print "I GOT HANDS", hands | |
| #print "I GOT THERE MD5", hands_md5 | |
| elif idx == 1: | |
| p.sendline('1') | |
| elif idx == 2: | |
| magicNumber = hands_md5[2] | |
| p.sendline(str(magicNumber)) | |
| elif idx == 3: | |
| boss_hand = p.readline().split(':')[1].strip() | |
| bh = hands.index(boss_hand) | |
| #print "I GOT BOSS HAND = ", boss_hand | |
| elif idx == 4: | |
| if bh == 0: | |
| p.sendline("I cheat") | |
| else: | |
| p.sendline(fillme(hands[2])) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment