netsec-webhomework/netsec.py

#!/usr/bin/env python

import re
import time
import socket
import hashlib
import requests
import sympy
"""
requirements:
    sympy
    requests
"""


def knock():
    for port in [1337, 2674, 4011]:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setblocking(False)

        print("Knocking {}".format(port))
        s.connect_ex(("152.66.249.144", port))

        s.close()

        time.sleep(0.1)


def server_communicate():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setblocking(True)

    s.connect_ex(("152.66.249.144", 8888))

    print(s.recv(1024).decode())
    s.send("Y8O353".encode())
    print(s.recv(1024).decode())

    last_solution = numbre_crunch(s)

    print(s.recv(1024).decode())
    print(s.recv(1024).decode())

    sha1_magic(s, last_solution)

    s.close()


def sha1_magic(s, last_solution):
    hash_sha1 = hashlib.sha1()
    print('Y8O353{}'.format(last_solution))
    hash_sha1.update('Y8O353{}'.format(last_solution).encode())
    digest = str(hash_sha1.hexdigest())
    print(digest)
    s.send(digest.encode())
    print(s.recv(1024).decode())


def http_comm():
    sess = requests.Session()
    url = "http://152.66.249.144/"
    sess.post(url, data={"neptun": "Y8O353", "password": "crysys"})
    cert = sess.get("{}getcert.php".format(url), allow_redirects=True)
    open("/tmp/clientcert.pem", "wb").write(cert.content)
    key = sess.get("{}getkey.php".format(url), allow_redirects=True)
    open("/tmp/clientkey.pem", "wb").write(key.content)


def https_comm():
    sess = requests.Session()
    url = "https://152.66.249.144/"
    flag = sess.get(url, cert=("/tmp/clientcert.pem", "/tmp/clientkey.pem"), verify=False)
    print(flag.content)


def numbre_crunch(s):
    problem_statement = s.recv(1024).decode().split('\n')
    numofcycles = re.findall(r'[0-9]+', problem_statement[0])

    print(problem_statement)
    solution1 = sympy.sympify(problem_statement[2].split('.')[1].split('=')[0])
    print(solution1)
    s.send(str(solution1).encode())

    last_solution = None

    for i in range(int(numofcycles[0]) - 1):
        problem_statement_for = s.recv(1024).decode()
        print(problem_statement_for)
        solution = sympy.sympify(problem_statement_for.split('.')[1].split('=')[0])
        print(solution)
        s.send(str(solution).encode())
        last_solution=solution

    return last_solution


if __name__ == '__main__':
    knock()
    server_communicate()
    http_comm()
    #https_comm()
initial commit 2020-04-23 16:23:06 +02:00			`#!/usr/bin/env python`

			`import re`
			`import time`
			`import socket`
			`import hashlib`
			`import requests`
			`import sympy`
			`"""`
			`requirements:`
			`sympy`
			`requests`
			`"""`


			`def knock():`
			`for port in [1337, 2674, 4011]:`
			`s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)`
			`s.setblocking(False)`

			`print("Knocking {}".format(port))`
			`s.connect_ex(("152.66.249.144", port))`

			`s.close()`

			`time.sleep(0.1)`


			`def server_communicate():`
			`s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)`
			`s.setblocking(True)`

			`s.connect_ex(("152.66.249.144", 8888))`

			`print(s.recv(1024).decode())`
			`s.send("Y8O353".encode())`
			`print(s.recv(1024).decode())`

			`last_solution = numbre_crunch(s)`

			`print(s.recv(1024).decode())`
			`print(s.recv(1024).decode())`

			`sha1_magic(s, last_solution)`

			`s.close()`


			`def sha1_magic(s, last_solution):`
			`hash_sha1 = hashlib.sha1()`
			`print('Y8O353{}'.format(last_solution))`
			`hash_sha1.update('Y8O353{}'.format(last_solution).encode())`
			`digest = str(hash_sha1.hexdigest())`
			`print(digest)`
			`s.send(digest.encode())`
			`print(s.recv(1024).decode())`


			`def http_comm():`
			`sess = requests.Session()`
			`url = "http://152.66.249.144/"`
			`sess.post(url, data={"neptun": "Y8O353", "password": "crysys"})`
			`cert = sess.get("{}getcert.php".format(url), allow_redirects=True)`
			`open("/tmp/clientcert.pem", "wb").write(cert.content)`
			`key = sess.get("{}getkey.php".format(url), allow_redirects=True)`
			`open("/tmp/clientkey.pem", "wb").write(key.content)`


			`def https_comm():`
			`sess = requests.Session()`
			`url = "https://152.66.249.144/"`
			`flag = sess.get(url, cert=("/tmp/clientcert.pem", "/tmp/clientkey.pem"), verify=False)`
			`print(flag.content)`


			`def numbre_crunch(s):`
			`problem_statement = s.recv(1024).decode().split('\n')`
			`numofcycles = re.findall(r'[0-9]+', problem_statement[0])`

			`print(problem_statement)`
			`solution1 = sympy.sympify(problem_statement[2].split('.')[1].split('=')[0])`
			`print(solution1)`
			`s.send(str(solution1).encode())`

			`last_solution = None`

			`for i in range(int(numofcycles[0]) - 1):`
			`problem_statement_for = s.recv(1024).decode()`
			`print(problem_statement_for)`
			`solution = sympy.sympify(problem_statement_for.split('.')[1].split('=')[0])`
			`print(solution)`
			`s.send(str(solution).encode())`
			`last_solution=solution`

			`return last_solution`


			`if __name__ == '__main__':`
			`knock()`
			`server_communicate()`
			`http_comm()`
			`#https_comm()`