stefan2904 · August 29, 2015 14:21
diff --git a/DefConCTF_blackbox.txt b/DefConCTF_blackbox.txt
 % python attack_blackbox3.py


 [*] ####################################################################
 [*] ######## first box
 [+] Opening connection to blackbox_ced7f267475a0299446fa86c26d77161.quals.shallweplayaga.me on port 18324: Done
 [DEBUG] Received 0x19 bytes:
    'You need to open the box!'
 [DEBUG] Received 0xb2 bytes:
    '\n'
    'Valid characters are: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~ "\n'
    'Max length is: 63 characters.\n'
    "Let's try some easy boxes:\n"
 [DEBUG] Sent 0x3f bytes:
    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\n'
 [DEBUG] Received 0x6f bytes:
    'Password [=>?@[\\]^_`{|}~ ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu]\tExpected [00ul<\\fYRLW<HLQPcd<[QQLNP]\n'
 [*] got the following password '=>?@[\]^_`{|}~ ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu' and expected '00ul<\fYRLW<HLQPcd<[QQLNP'
 [*] got the following key 80
 [*] got the following password '&&90 Fungal Wafers Efface'
 [DEBUG] Sent 0x1a bytes:
    '&&90 Fungal Wafers Efface\n'
 [DEBUG] Received 0xf bytes:
    'Password valid.'
 [DEBUG] Received 0x13 bytes:
    '\n'
    'Another easy box:\n'


 [*] ####################################################################
 [*] ######### second box
 [DEBUG] Sent 0x3f bytes:
    'XZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZ\n'
 [DEBUG] Received 0x6d bytes:
    'Password [Xw A~~`\\,1JUm;7ZwDEKSm-3Nc2Pc6To;"d8Xw A~~`\\,1JUm;7ZwDEKSm-3Nc]\tExpected [\\x|i[[{\'s`0S5e5/9#s*yS*]\n'
 [*] 'Password [Xw A~~`\\,1JUm;7ZwDEKSm-3Nc2Pc6To;"d8Xw A~~`\\,1JUm;7ZwDEKSm-3Nc]\tExpected [\\x|i[[{\'s`0S5e5/9#s*yS*]'
 [*] got the following password
    XZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZ
    Xw A~~`\,1JUm;7ZwDEKSm-3Nc2Pc6To;"d8Xw A~~`\,1JUm;7ZwDEKSm-3Nc
 [*] expected pw '\x|i[[{'s`0S5e5/9#s*yS*'
 [*] trying XZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZ
 [*] [0, 23, 71, 70, 70, 68, 66, 60, 50, 28, 81, 90, 15, 53, 36, 0, 25, 73, 76, 80, 90, 13, 51, 30, 85, 3, 31, 85, 5, 33, 91, 15, 55, 38, 6, 35, 0, 23, 71, 70, 70, 68, 66, 60, 50, 28, 81, 90, 15, 53, 36, 0, 25, 73, 76, 80, 90, 13, 51, 30, 85, 3]
 [*] enc test
    XZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZ
    Xw A~~`\,1JUm;7ZwDEKSm-3Nc2Pc6To;"d8Xw A~~`\,1JUm;7ZwDEKSm-3Nc
 [*] dec test:
    XZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZ
    Xw A~~`\,1JUm;7ZwDEKSm-3Nc2Pc6To;"d8Xw A~~`\,1JUm;7ZwDEKSm-3Nc
    XZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZ
 [*] got the following password '\70 Parade Idol Dozily\'
 [DEBUG] Sent 0x18 bytes:
    '\\70 Parade Idol Dozily\\\n'
 [DEBUG] Received 0xf bytes:
    'Password valid.'
 [DEBUG] Received 0x18 bytes:
    '\n'
    'A little harder maybe?\n'


 [*] ####################################################################
 [*] ######### third box
 [DEBUG] Sent 0x3f bytes:
    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\n'
 [DEBUG] Received 0x6a bytes:
    'Password [PONMLKJIHGFEDCBA ~}|{`_^]\\[@?>=<;:/.-,+*)(\'&%$#"!9876543210zyx]\tExpected [a\\:<0wE{{@-w<F.8wPPa]\n'
 [*] 'Password [PONMLKJIHGFEDCBA ~}|{`_^]\\[@?>=<;:/.-,+*)(\'&%$#"!9876543210zyx]\tExpected [a\\:<0wE{{@-w<F.8wPPa]'
 [*] got the following password
    ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
    xyz0123456789!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ ABCDEFGHIJKLMNOP
 [DEBUG] Sent 0x22 bytes:
    '!"#$%&\'()*+,-./:;<=>?@[\\]^_`{|}~ \n'
 [DEBUG] Received 0x4d bytes:
    'Password [wvutsrqponmlkjihgfedcbaZYXWVUTSRQ]\tExpected [a\\:<0wE{{@-w<F.8wPPa]\n'
 [*] 'Password [wvutsrqponmlkjihgfedcbaZYXWVUTSRQ]\tExpected [a\\:<0wE{{@-w<F.8wPPa]'
 [*] got the following password
    !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ 
    QRSTUVWXYZabcdefghijklmnopqrstuvw
 [*] expected pw 'a\:<0wE{{@-w<F.8wPPa'
 [*] got the following password '+99 Laze Zippy Deck+'
 [DEBUG] Sent 0x15 bytes:
    '+99 Laze Zippy Deck+\n'
 [DEBUG] Received 0xf bytes:
    'Password valid.'
 [DEBUG] Received 0xe bytes:
    '\n'
    'Catching on!\n'


 [*] ####################################################################
 [*] ######### fourth box
 [DEBUG] Sent 0x3e bytes:
    'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n'
 [DEBUG] Received 0x6d bytes:
    "Password [A-1gL\\#rWB.2hM]$sXC/3iN^%tYD:4jO_&uZE;5kP`'vaF<6lQ{(wbG=7mR|)]\tExpected [=7S|KIF`9lY1n0jO;#B[@'yq]\n"
 [*] "Password [A-1gL\\#rWB.2hM]$sXC/3iN^%tYD:4jO_&uZE;5kP`'vaF<6lQ{(wbG=7mR|)]\tExpected [=7S|KIF`9lY1n0jO;#B[@'yq]"
 [*] got the following password
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    )|Rm7=Gbw({Ql6<Fav'`Pk5;EZu&_Oj4:DYt%^Ni3/CXs$]Mh2.BWr#\Lg1-A
 [DEBUG] Sent 0x3e bytes:
    'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n'
 [DEBUG] Received 0x6d bytes:
    "Password [A-1gL\\#rWB.2hM]$sXC/3iN^%tYD:4jO_&uZE;5kP`'vaF<6lQ{(wbG=7mR|)]\tExpected [=7S|KIF`9lY1n0jO;#B[@'yq]\n"
 [*] "Password [A-1gL\\#rWB.2hM]$sXC/3iN^%tYD:4jO_&uZE;5kP`'vaF<6lQ{(wbG=7mR|)]\tExpected [=7S|KIF`9lY1n0jO;#B[@'yq]"
 [*] got the following password
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    )|Rm7=Gbw({Ql6<Fav'`Pk5;EZu&_Oj4:DYt%^Ni3/CXs$]Mh2.BWr#\Lg1-A
 [DEBUG] Sent 0x3e bytes:
    'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n'
 [DEBUG] Received 0xab bytes:
    "Password [A-1gL\\#rWB.2hM]$sXC/3iN^%tYD:4jO_&uZE;5kP`'vaF<6lQ{(wbG=7mR|)]\tExpected [=7S|KIF`9lY1n0jO;#B[@'yq]\n"
    'You have entered an invalid password too many times. Exiting.\n'
 [*] "Password [A-1gL\\#rWB.2hM]$sXC/3iN^%tYD:4jO_&uZE;5kP`'vaF<6lQ{(wbG=7mR|)]\tExpected [=7S|KIF`9lY1n0jO;#B[@'yq]"
 [*] got the following password
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    )|Rm7=Gbw({Ql6<Fav'`Pk5;EZu&_Oj4:DYt%^Ni3/CXs$]Mh2.BWr#\Lg1-A
 [*] Switching to interactive mode
 You have entered an invalid password too many times. Exiting.
 [*] Got EOF while reading in interactive
	% python attack_blackbox3.py


	[*] ####################################################################
	[*] ######## first box
	[+] Opening connection to blackbox_ced7f267475a0299446fa86c26d77161.quals.shallweplayaga.me on port 18324: Done
	[DEBUG] Received 0x19 bytes:
	'You need to open the box!'
	[DEBUG] Received 0xb2 bytes:
	'\n'
	'Valid characters are: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!"#$%&\'()*+,-./:;<=>?@[\\]^_`{\|}~ "\n'
	'Max length is: 63 characters.\n'
	"Let's try some easy boxes:\n"
	[DEBUG] Sent 0x3f bytes:
	'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\n'
	[DEBUG] Received 0x6f bytes:
	'Password [=>?@[\\]^_`{\|}~ ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu]\tExpected [00ul<\\fYRLW<HLQPcd<[QQLNP]\n'
	[*] got the following password '=>?@[\]^_`{\|}~ ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstu' and expected '00ul<\fYRLW<HLQPcd<[QQLNP'
	[*] got the following key 80
	[*] got the following password '&&90 Fungal Wafers Efface'
	[DEBUG] Sent 0x1a bytes:
	'&&90 Fungal Wafers Efface\n'
	[DEBUG] Received 0xf bytes:
	'Password valid.'
	[DEBUG] Received 0x13 bytes:
	'\n'
	'Another easy box:\n'


	[*] ####################################################################
	[*] ######### second box
	[DEBUG] Sent 0x3f bytes:
	'XZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZ\n'
	[DEBUG] Received 0x6d bytes:
	'Password [Xw A~~`\\,1JUm;7ZwDEKSm-3Nc2Pc6To;"d8Xw A~~`\\,1JUm;7ZwDEKSm-3Nc]\tExpected [\\x\|i[[{\'s`0S5e5/9#syS]\n'
	[] 'Password [Xw A~~`\\,1JUm;7ZwDEKSm-3Nc2Pc6To;"d8Xw A~~`\\,1JUm;7ZwDEKSm-3Nc]\tExpected [\\x\|i[[{\'s`0S5e5/9#syS*]'
	[*] got the following password
	XZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZ
	Xw A~~`\,1JUm;7ZwDEKSm-3Nc2Pc6To;"d8Xw A~~`\,1JUm;7ZwDEKSm-3Nc
	[] expected pw '\x\|i[[{'s`0S5e5/9#syS*'
	[*] trying XZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZ
	[*] [0, 23, 71, 70, 70, 68, 66, 60, 50, 28, 81, 90, 15, 53, 36, 0, 25, 73, 76, 80, 90, 13, 51, 30, 85, 3, 31, 85, 5, 33, 91, 15, 55, 38, 6, 35, 0, 23, 71, 70, 70, 68, 66, 60, 50, 28, 81, 90, 15, 53, 36, 0, 25, 73, 76, 80, 90, 13, 51, 30, 85, 3]
	[*] enc test
	XZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZ
	Xw A~~`\,1JUm;7ZwDEKSm-3Nc2Pc6To;"d8Xw A~~`\,1JUm;7ZwDEKSm-3Nc
	[*] dec test:
	XZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZ
	Xw A~~`\,1JUm;7ZwDEKSm-3Nc2Pc6To;"d8Xw A~~`\,1JUm;7ZwDEKSm-3Nc
	XZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZXZ
	[*] got the following password '\70 Parade Idol Dozily\'
	[DEBUG] Sent 0x18 bytes:
	'\\70 Parade Idol Dozily\\\n'
	[DEBUG] Received 0xf bytes:
	'Password valid.'
	[DEBUG] Received 0x18 bytes:
	'\n'
	'A little harder maybe?\n'


	[*] ####################################################################
	[*] ######### third box
	[DEBUG] Sent 0x3f bytes:
	'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\n'
	[DEBUG] Received 0x6a bytes:
	'Password [PONMLKJIHGFEDCBA ~}\|{`_^]\\[@?>=<;:/.-,+*)(\'&%$#"!9876543210zyx]\tExpected [a\\:<0wE{{@-w<F.8wPPa]\n'
	[] 'Password [PONMLKJIHGFEDCBA ~}\|{`_^]\\[@?>=<;:/.-,+)(\'&%$#"!9876543210zyx]\tExpected [a\\:<0wE{{@-w<F.8wPPa]'
	[*] got the following password
	ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
	xyz0123456789!"#$%&'()*+,-./:;<=>?@[\]^_`{\|}~ ABCDEFGHIJKLMNOP
	[DEBUG] Sent 0x22 bytes:
	'!"#$%&\'()*+,-./:;<=>?@[\\]^_`{\|}~ \n'
	[DEBUG] Received 0x4d bytes:
	'Password [wvutsrqponmlkjihgfedcbaZYXWVUTSRQ]\tExpected [a\\:<0wE{{@-w<F.8wPPa]\n'
	[*] 'Password [wvutsrqponmlkjihgfedcbaZYXWVUTSRQ]\tExpected [a\\:<0wE{{@-w<F.8wPPa]'
	[*] got the following password
	!"#$%&'()*+,-./:;<=>?@[\]^_`{\|}~
	QRSTUVWXYZabcdefghijklmnopqrstuvw
	[*] expected pw 'a\:<0wE{{@-w<F.8wPPa'
	[*] got the following password '+99 Laze Zippy Deck+'
	[DEBUG] Sent 0x15 bytes:
	'+99 Laze Zippy Deck+\n'
	[DEBUG] Received 0xf bytes:
	'Password valid.'
	[DEBUG] Received 0xe bytes:
	'\n'
	'Catching on!\n'


	[*] ####################################################################
	[*] ######### fourth box
	[DEBUG] Sent 0x3e bytes:
	'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n'
	[DEBUG] Received 0x6d bytes:
	"Password [A-1gL\\#rWB.2hM]$sXC/3iN^%tYD:4jO_&uZE;5kP`'vaF<6lQ{(wbG=7mR\|)]\tExpected [=7S\|KIF`9lY1n0jO;#B[@'yq]\n"
	[*] "Password [A-1gL\\#rWB.2hM]$sXC/3iN^%tYD:4jO_&uZE;5kP`'vaF<6lQ{(wbG=7mR\|)]\tExpected [=7S\|KIF`9lY1n0jO;#B[@'yq]"
	[*] got the following password
	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
	)\|Rm7=Gbw({Ql6<Fav'`Pk5;EZu&_Oj4:DYt%^Ni3/CXs$]Mh2.BWr#\Lg1-A
	[DEBUG] Sent 0x3e bytes:
	'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n'
	[DEBUG] Received 0x6d bytes:
	"Password [A-1gL\\#rWB.2hM]$sXC/3iN^%tYD:4jO_&uZE;5kP`'vaF<6lQ{(wbG=7mR\|)]\tExpected [=7S\|KIF`9lY1n0jO;#B[@'yq]\n"
	[*] "Password [A-1gL\\#rWB.2hM]$sXC/3iN^%tYD:4jO_&uZE;5kP`'vaF<6lQ{(wbG=7mR\|)]\tExpected [=7S\|KIF`9lY1n0jO;#B[@'yq]"
	[*] got the following password
	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
	)\|Rm7=Gbw({Ql6<Fav'`Pk5;EZu&_Oj4:DYt%^Ni3/CXs$]Mh2.BWr#\Lg1-A
	[DEBUG] Sent 0x3e bytes:
	'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n'
	[DEBUG] Received 0xab bytes:
	"Password [A-1gL\\#rWB.2hM]$sXC/3iN^%tYD:4jO_&uZE;5kP`'vaF<6lQ{(wbG=7mR\|)]\tExpected [=7S\|KIF`9lY1n0jO;#B[@'yq]\n"
	'You have entered an invalid password too many times. Exiting.\n'
	[*] "Password [A-1gL\\#rWB.2hM]$sXC/3iN^%tYD:4jO_&uZE;5kP`'vaF<6lQ{(wbG=7mR\|)]\tExpected [=7S\|KIF`9lY1n0jO;#B[@'yq]"
	[*] got the following password
	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
	)\|Rm7=Gbw({Ql6<Fav'`Pk5;EZu&_Oj4:DYt%^Ni3/CXs$]Mh2.BWr#\Lg1-A
	[*] Switching to interactive mode
	You have entered an invalid password too many times. Exiting.
	[*] Got EOF while reading in interactive