Files
ctf/2025/hack.lu/crypto/manual/public/exploit.py
2025-10-19 20:35:43 +02:00

28 lines
828 B
Python

from binascii import hexlify
from pwn import *
flag = b"flag{this_is_a_test_flag_:D_>.<}"
local = "localhost"
live = "manual.flu.xxx"
with remote(local, 1024) as p:
for j in range(len(flag)):
encoded_versions = []
for i in range(256):
print(p.recvuntil(b":").decode())
payload = hexlify(flag[:j]) + f"{i:02x}".encode() + hexlify(flag[j+1:])
p.sendline(payload)
print(p.recvuntil(b":").decode())
encoded_flag = p.recvn(64).decode()
encoded_versions.append(encoded_flag)
print(p.recvuntil(b":").decode())
p.sendline(b"finish")
print(p.recvuntil(b":").decode())
flag_encoded = p.recvn(64).decode()
for v in encoded_versions:
print(xor(v, flag_encoded).replace(b"\x00", b" "))