Possibly Related Threads…

Windows7 · Aug 02, 2024, 05:54 AM

brute.py

#!/usr/bin/env python3

import pwn

import string

from hashlib import sha256

def xor(a, b):

    return bytes([i ^ j for i, j in zip(a, b)])

def H(m):

    return sha256(m).digest()

def send_payload(conn, payload):

    # receive until '> '

    conn.recvuntil(b'> ')

    # send '1'

    conn.sendline(b'1')

    # receive until 'Enter your message: '

    conn.recvuntil(b'Enter your message: ')

    # send payload

    conn.sendline(payload)

    # get hash receiving the next line

    h = conn.recvline().decode().split(":")[1].strip()

    return h

host = '94.237.59.63'  #change accordingly

port = 35688   #change accordingly

# establish connection

conn = pwn.remote(host, port)

flag = ""

l = 1

while not flag.endswith("}"):

    sentinel = H(b'\0'*l).hex()

    with pwn.log.progress('Finding next character {} + _...'.format(flag)):

        for c in string.printable:

            guess = flag + c

            # send guess

            h_guess = send_payload(conn, guess.encode('utf-8'))

            if h_guess == sentinel:

                print(f"Found next character of flag: {c}")

                flag += c

                break

        else:

            # next character not found

            print("Couldn't found next character. Cracking failed.")

            exit(1)

    l += 1

print("Cracked flag! {}".format(flag))

# close connection

conn.close()

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	[FREE] 300+ Writeups PDF HackTheBox/HTB premium retired	Tamarisk	376	93,727	32 minutes ago Last Post: Sukon
	[FREE] CPTS • CWES • CDSA • CWEE Exam Hint	3midjets	233	32,328	38 minutes ago Last Post: Sukon
	[FREE] CPTS 12 FLAGS	pulsebreaker	74	2,361	42 minutes ago Last Post: Sukon
	[MEGALEAK] HackTheBox ProLabs, Fortress, Endgame - Alchemy, 250 Flags, leak htb-bot	htb-bot	89	8,101	5 hours ago Last Post: Xploitd
	[FREE] HackTheBox All Cheatsheets	Tamarisk	10	629	9 hours ago Last Post: chufoni