initial commit

2020-04-23 16:23:06 +02:00 · 2020-04-23 16:23:06 +02:00 · 31e9744aa0
commit 31e9744aa0
3 changed files with 106 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+venv/
+.idea/
--- a/netsec.py
+++ b/netsec.py
@ -0,0 +1,102 @@
+#!/usr/bin/env python
+
+import re
+import time
+import socket
+import hashlib
+import requests
+import sympy
+"""
+requirements:
+    sympy
+    requests
+"""
+
+
+def knock():
+    for port in [1337, 2674, 4011]:
+        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        s.setblocking(False)
+
+        print("Knocking {}".format(port))
+        s.connect_ex(("152.66.249.144", port))
+
+        s.close()
+
+        time.sleep(0.1)
+
+
+def server_communicate():
+    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    s.setblocking(True)
+
+    s.connect_ex(("152.66.249.144", 8888))
+
+    print(s.recv(1024).decode())
+    s.send("Y8O353".encode())
+    print(s.recv(1024).decode())
+
+    last_solution = numbre_crunch(s)
+
+    print(s.recv(1024).decode())
+    print(s.recv(1024).decode())
+
+    sha1_magic(s, last_solution)
+
+    s.close()
+
+
+def sha1_magic(s, last_solution):
+    hash_sha1 = hashlib.sha1()
+    print('Y8O353{}'.format(last_solution))
+    hash_sha1.update('Y8O353{}'.format(last_solution).encode())
+    digest = str(hash_sha1.hexdigest())
+    print(digest)
+    s.send(digest.encode())
+    print(s.recv(1024).decode())
+
+
+def http_comm():
+    sess = requests.Session()
+    url = "http://152.66.249.144/"
+    sess.post(url, data={"neptun": "Y8O353", "password": "crysys"})
+    cert = sess.get("{}getcert.php".format(url), allow_redirects=True)
+    open("/tmp/clientcert.pem", "wb").write(cert.content)
+    key = sess.get("{}getkey.php".format(url), allow_redirects=True)
+    open("/tmp/clientkey.pem", "wb").write(key.content)
+
+
+def https_comm():
+    sess = requests.Session()
+    url = "https://152.66.249.144/"
+    flag = sess.get(url, cert=("/tmp/clientcert.pem", "/tmp/clientkey.pem"), verify=False)
+    print(flag.content)
+
+
+def numbre_crunch(s):
+    problem_statement = s.recv(1024).decode().split('\n')
+    numofcycles = re.findall(r'[0-9]+', problem_statement[0])
+
+    print(problem_statement)
+    solution1 = sympy.sympify(problem_statement[2].split('.')[1].split('=')[0])
+    print(solution1)
+    s.send(str(solution1).encode())
+
+    last_solution = None
+
+    for i in range(int(numofcycles[0]) - 1):
+        problem_statement_for = s.recv(1024).decode()
+        print(problem_statement_for)
+        solution = sympy.sympify(problem_statement_for.split('.')[1].split('=')[0])
+        print(solution)
+        s.send(str(solution).encode())
+        last_solution=solution
+
+    return last_solution
+
+
+if __name__ == '__main__':
+    knock()
+    server_communicate()
+    http_comm()
+    #https_comm()
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,2 @@
+sympy
+requests