zebra-lib
Item
Value
#!/usr/bin/env python3
from pwn import *
import base64, zlib, re, time, sys
HOST = "35.246.159.76"
PORT = 31428
context.log_level = "error"
PROMPT = b"Insert work proof:"
B64_RE = re.compile(rb'^[A-Za-z0-9_\-+/=]{16,}$')
def b64_decode_padded_any(s: bytes) -> bytes:
s = s.strip()
s += b'=' * ((4 - (len(s) % 4)) % 4)
return base64.urlsafe_b64decode(s)
def extract_last_b64(from_blob: bytes) -> bytes:
lines = [ln.strip() for ln in from_blob.splitlines() if ln.strip()]
for ln in reversed(lines):
if B64_RE.match(ln) and b"Incoming" not in ln and PROMPT not in ln:
return ln
return b""
def decode_payload(b64_line: bytes) -> str:
comp = b64_decode_padded_any(b64_line)
return zlib.decompress(comp).decode(errors="replace").strip()
def run_once():
io = remote(HOST, PORT)
io.timeout = 1.0
buf = b""
rounds = 0
last_progress = time.time()
while True:
try:
chunk = io.recv(4096, timeout=1.0)
except EOFError:
if buf:
print("\n[EOF] Last server output:\n" + buf.decode(errors="replace"))
raise
if chunk:
buf += chunk
last_progress = time.time()
if b"CTF{" in buf:
print("\n" + buf.decode(errors="replace"))
return True
while True:
idx = buf.find(PROMPT)
if idx == -1:
break
before = buf[:idx + len(PROMPT)]
after = buf[idx + len(PROMPT):]
b64_line = extract_last_b64(before)
if not b64_line:
print("\n[!] Prompt găsit, dar nu găsesc linie base64 în:\n" +
before.decode(errors="replace"))
return False
payload = decode_payload(b64_line)
io.sendline(payload.encode())
rounds += 1
if rounds % 25 == 0:
print(f"\rRounds solved: {rounds}", end="", flush=True)
buf = after
if b"CTF{" in buf:
print("\n" + buf.decode(errors="replace"))
return True
if time.time() - last_progress > 10:
print("\n[!] No progress for 10s. Current buffer:\n" + buf.decode(errors="replace"))
return False
def main():
backoff = 0.2
while True:
try:
if run_once():
break
backoff = 0.2
except EOFError:
time.sleep(backoff)
backoff = min(backoff * 2, 2.0)
if __name__ == "__main__":
main()
Last updated