Tags: python bruteforce scripting netcat
# Journey (20 points, misc)
_“You unlock this door with the key of imagination. Beyond it is another dimension: a dimension of sound, a dimension of sight, a dimension of mind. You’re moving into a land of both shadow and substance, of things and ideas. You’ve just crossed over into… the Twilight Zone.”_
Every journey starts on step ___one___
`nc p1.tjctf.org 8009`
This was a pretty fun and simple problem.
Running the command mentioned above, we are taken to what, at first glance, a typing game?
$ nc p1.tjctf.org 8009
The first step:
If we type what it wants for a while, it seems to go on forever...
The first step: one
The next step: infected
The next step: solubility
The next step:
Don't mess up either.
The next step: sitser
A step in the wrong direction!
Not knowing much Python, I could probably write a script that solves this for us.
### The Script
""" Python 'netcat like' module """
def __init__(self, ip, port):
self.buff = ""
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
def read(self, length = 1024):
""" Read 1024 bytes off the socket """
def read_until(self, data):
""" Read data into the buffer until we have data """
while not data in self.buff:
self.buff += self.socket.recv(1024)
pos = self.buff.find(data)
rval = self.buff[:pos + len(data)]
self.buff = self.buff[pos + len(data):]
def write(self, data):
if __name__ == '__main__':
nc = Netcat('p1.tjctf.org', 8009)
nc.buff = b''
string = nc.read_until(b"\n")
string = string.decode("utf-8")
string = re.findall(r"\'(.*)\'", string)
string = ' '.join(string)
string += "\n"
string = str.encode(string)
After running `python3 journey.py` for a while, seeing all the things you'd have to type out by hand otherwise, we see the flag at the very end: