reworked pwntools download script based on template [NOT TESTED]

ubcctf · Sep 27, 2024 · 880bf90 · 880bf90
1 parent f2704f2
commit 880bf90
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 11 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,4 +3,6 @@
 
 # Build file
 caronte
-coverage.txt
+coverage.txt
+import_pcaps/*
+temp/
diff --git a/connection_streams_controller.go b/connection_streams_controller.go
@@ -237,8 +237,18 @@ func (csc ConnectionStreamsController) DownloadConnectionMessages(c context.Cont
 		if format.Format == "base32" || format.Format == "base64" {
 			sb.WriteString("import base64\n")
 		}
-		sb.WriteString("from pwn import *\n\n")
-		sb.WriteString(fmt.Sprintf("p = remote('%s', %d)\n", connection.DestinationIP, connection.DestinationPort))
+		sb.WriteString(fmt.Sprintf(`from pwn import *
+from typing import List, Union
+import re
+import requests
+		
+FLAG_REGEX=r"FAUST_[A-Za-z0-9/+]{32}"
+TEST_IP = '%s'
+PORT = %d
+		
+def exploit(team_addr: str, chal_data: List[str]) -> Union[List[str], str]:
+	p = remote(team_addr, PORT)
+`, connection.DestinationIP, connection.DestinationPort))
 	}
 
 	lastIsClient, lastIsServer := true, true
@@ -299,6 +309,11 @@ func (csc ConnectionStreamsController) DownloadConnectionMessages(c context.Cont
 		}
 	}
 
+	sb.WriteString(`if __name__ == '__main__':
+	flags = exploit(TEST_IP, ['test'])
+	print(flags)
+		`)
+
 	return sb.String(), true
 }
 
@@ -359,18 +374,18 @@ func decodePwntools(payload []byte, isClient bool, format string) string {
 	var content string
 	switch format {
 	case "hex":
-		content = fmt.Sprintf("bytes.fromhex('%s')", DecodeBytes(payload, format))
+		content = fmt.Sprintf("\tbytes.fromhex('%s')", DecodeBytes(payload, format))
 	case "base32":
-		content = fmt.Sprintf("base64.b32decode('%s')", DecodeBytes(payload, format))
+		content = fmt.Sprintf("\tbase64.b32decode('%s')", DecodeBytes(payload, format))
 	case "base64":
-		content = fmt.Sprintf("base64.b64decode('%s')", DecodeBytes(payload, format))
+		content = fmt.Sprintf("\tbase64.b64decode('%s')", DecodeBytes(payload, format))
 	default:
 		content = fmt.Sprintf("'%s'", strings.Replace(DecodeBytes(payload, "ascii"), "'", "\\'", -1))
 	}
 
 	if isClient {
-		return fmt.Sprintf("p.send(%s)\n", content)
+		return fmt.Sprintf("\tp.send(%s)\n", content)
 	}
 
-	return fmt.Sprintf("p.recvuntil(%s)\n", content)
+	return fmt.Sprintf("\tp.recvuntil(%s)\n", content)
 }
diff --git a/scripts/example_commands.sh b/scripts/example_commands.sh
@@ -41,10 +41,10 @@ if $SETUP ; then
 	curl \
 		--header "Content-Type: application/json"  \
 		--request POST \
-		--data '{"config": {"server_address": "10.10.1.1", "flag_regex": "flg[a-zA-Z0-9]{25}", "auth_required": false}, "accounts": {"usr1": "pwd1"}}' \
+		--data '{"config": {"server_address": "fd66:666:171::2", "flag_regex": "FAUST_[a-zA-Z0-9]{32}", "auth_required": false}, "accounts": {"usr1": "pwd1"}}' \
 		http://localhost:3333/setup
 
-	setup_service 8080  crashair        E53935
+	setup_service 1236  UNKNOWN_A        E53935
 	setup_service 27017 aircnc          5E35B1
 	setup_service 80    lostpropertyhub F9A825
 	setup_service 5555  theone 	    F9A435
@@ -54,7 +54,7 @@ fi
 
 # import pcaps
 if $IMPORT ; then
-	PCAP_DIR="~/pcaps"
+	PCAP_DIR="./import_pcaps"
 	for PCAP in $PCAP_DIR/*.pcap ; do
 		echo "[+] Uploading $PCAP" && \
 		curl -F "file=@$PCAP" "http://localhost:3333/api/pcap/upload"