Scripted solution with pwntools

nc 34.148.103.218:1228, solve 1000 of math problems. Easy or hard? Up to you.

1. Connect to the server with netcat: nc 34.148.103.218 1228

The server responds with:
You must solve 1000 of these math problems that are outputted in the following format {number} {operation} {number} to get the flag.
Division is integer division using the // operator.
The input is being checked through python input() function.
Good luck!
96 * 51
The server generates random math problems and reads each answer through input().

Our task is to read the problems one line at a time, compute each one, and send the result straight back to the server, which solves one problem. Repeat that loop 1000 times and, I think, we get the flag. Yay. Sounds really simple :)

    from pwn import *

    HOST = "34.148.103.218"
    PORT = 1228

    def conn():
        """Connect to the server and skip the banner."""
        r = remote(HOST, PORT)
        print(r.recvuntil(b'!'))  # banner, up to "Good luck!"
        r.recvline()              # skip the rest of the banner
        r.recvline()
        return r

    r = conn()
    count = 1
    while count <= 1000:
        try:
            print('{0}/1000'.format(count))
            question = r.recvline()
            print(str(question))
            # Format: b"{number} {operation} {number}\n"
            break_question = question.split(b" ")
            first = int(break_question[0])
            second = int(break_question[2])
            op = break_question[1]
            if op == b'-':
                result = str(first - second)
            elif op == b'*':
                result = str(first * second)
            elif op == b'+':
                result = str(first + second)
            elif op == b'//':
                result = str(first // second)
            else:
                raise ValueError('unknown operator: {0}'.format(op))
            print(result)
            r.sendline(result.encode())
            r.recvline()  # consume the server's reply to our answer
            count += 1
        except Exception:  # not a bare except, so Ctrl-C still stops the script
            r.close()
            r = conn()  # server-side timeout: reconnect
            count = 1   # restart

    flag = r.recvline()
    print(flag)
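
An added example, not part of the original write-up: the same parse-and-answer loop with a strict parser that rejects any line not in the announced format (instead of passing server output to eval()), exercised offline against a constructed mock server. The names solve, mock_server and run_local, the mock's "Correct!"/"Wrong!" replies and the flag value are assumptions.

```python
import operator
import random
import re
import socket
import threading

# Only the four operators the challenge uses; anything else is rejected.
OPS = {b"+": operator.add, b"-": operator.sub,
       b"*": operator.mul, b"//": operator.floordiv}
QUESTION = re.compile(rb"^(-?\d+) (\+|-|\*|//) (-?\d+)\s*$")

def solve(line: bytes) -> bytes:
    """Answer one '{number} {operation} {number}' line without eval()."""
    m = QUESTION.match(line)
    if m is None:
        raise ValueError(f"unexpected server line: {line!r}")
    a, op, b = int(m.group(1)), m.group(2), int(m.group(3))
    return str(OPS[op](a, b)).encode()

def mock_server(sock: socket.socket, rounds: int, flag: bytes) -> None:
    """Constructed stand-in for the remote service (reply text is assumed)."""
    rng = random.Random(0)
    with sock, sock.makefile("rwb") as f:
        for _ in range(rounds):
            a, b = rng.randint(1, 100), rng.randint(1, 100)
            op = rng.choice(list(OPS))
            f.write(b"%d %s %d\n" % (a, op, b))
            f.flush()
            ok = f.readline().strip() == str(OPS[op](a, b)).encode()
            f.write(b"Correct!\n" if ok else b"Wrong!\n")
            if not ok:
                return
        f.write(flag + b"\n")
        f.flush()

def run_local(rounds: int = 1000, flag: bytes = b"FLAG{constructed}") -> bytes:
    """Run the solve loop against the mock server over a socketpair."""
    server_end, client_end = socket.socketpair()
    t = threading.Thread(target=mock_server, args=(server_end, rounds, flag))
    t.start()
    with client_end, client_end.makefile("rwb") as f:
        for _ in range(rounds):
            f.write(solve(f.readline()) + b"\n")
            f.flush()
            f.readline()  # consume the per-answer status line
        result = f.readline().strip()
    t.join()
    return result
```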