ucdavis-ecs189m

[RADIOACTIVE] python exploits for uc davis class ecs189m
git clone git://git.figbert.com/ucdavis-ecs189m.git

commit 21a86a8f6501315683824a302afc4be56c7e57e9
parent b9f756e53c1228b2b58c4b6ed20e69408a2e50ce
Author: therealFIGBERT <figbertwelner@gmail.com>
Date:   Thu,  3 Oct 2019 11:09:29 -0700

Adding rudimentary flip detection

Diffstat:
Mthird_flag.py | 59+++++++++++++++++++++++++++++++++++------------------------
1 file changed, 35 insertions(+), 24 deletions(-)

diff --git a/third_flag.py b/third_flag.py
@@ -28,10 +28,11 @@ def find_middle(lst):
 master_alphabet = ["a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z"]
 current_mid = find_middle(master_alphabet)
-cracked = False
 alphabet = master_alphabet
 passkey = ""
-previous_pass = ""
+cracked = False
+flipped = False
+last_response_was_small = True
 start = 0
 conn = remote("twinpeaks.cs.ucdavis.edu", 30004)
@@ -43,25 +44,35 @@ print("Pass sent as:\n%s"%passkey)
 response = conn.recvline_contains(b"strcmp")
 print("Server response:\n%s"%response)
 while not cracked:
- if b" -1 " in response:
- alphabet = alphabet[current_mid:]
+ while not flipped:
+ if b" -1 " in response:
+ alphabet = alphabet[current_mid:]
+ current_mid = find_middle(alphabet)
+ passkey = pass_gen(char=alphabet[current_mid], pos=start, premade=passkey)
+ if last_response_was_small:
+ flipped = False
+ else:
+ flipped = True
+ last_response_was_small = True
+ elif b" 1 " in response:
+ alphabet = alphabet[:current_mid]
+ current_mid = find_middle(alphabet)
+ passkey = pass_gen(char=alphabet[current_mid], pos=start, premade=passkey)
+ if last_response_was_small:
+ flipped = True
+ else:
+ flipped = False
+ last_response_was_small = False
+ else:
+ print("Password cracked as: %s"%passkey)
+ cracked = True
+ conn.interactive()
+ conn.sendline(passkey)
+ print("Current letters:\n%s"%alphabet)
+ print("Pass sent as:\n%s"%passkey)
+ response = conn.recvline_contains(b"strcmp")
+ print("Server response:\n%s"%response)
+ alphabet = master_alphabet[master_alphabet.index(alphabet[0]):]
 current_mid = find_middle(alphabet)
- previous_pass = passkey
- passkey = pass_gen(char=alphabet[current_mid], pos=start, premade=passkey)
- elif b" 1 " in response:
- alphabet = alphabet[:current_mid]
- current_mid = find_middle(alphabet)
- previous_pass = passkey
- passkey = pass_gen(char=alphabet[current_mid], pos=start, premade=passkey)
- else:
- print("Password cracked as: %s"%passkey)
- cracked = True
- conn.interactive()
- conn.sendline(passkey)
- print("Current letters:\n%s"%alphabet)
- print("Pass sent as:\n%s"%passkey)
- response = conn.recvline_contains(b"strcmp")
- print("Server response:\n%s"%response)
- alphabet = master_alphabet[master_alphabet.index(alphabet[0]):]
- current_mid = find_middle(alphabet)
- start += 1
-\ No newline at end of file
+ start += 1
+ flipped = False
+\ No newline at end of file
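Review bot: The success branch (the `else:` that prints "Password cracked as") sets `cracked = True` but never touches `flipped`, and the new inner `while not flipped:` loop tests only `flipped`, so on success that loop cannot reach the outer `while not cracked:` check; a `break` right after `conn.interactive()` would make the exit explicit. The page has lost the file's indentation, so the exact nesting of the lines that follow `conn.interactive()` is inferred rather than visible. The two four-line `if last_response_was_small:` blocks reduce to `flipped = not last_response_was_small` in the `-1` branch and `flipped = last_response_was_small` in the `1` branch. A short comment above the inner loop saying what `flipped` records, and why `last_response_was_small` starts as `True`, would document the stopping rule, which currently has to be reverse-engineered from the assignments.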