I was messing around with Nullcon HackIM 2014 last week and I stumbled upon this little problem.
Given five positive integers A, B, C, D and E. It is required to perform a daunting task to compute a Key = Pow(A, Pow(B, Pow(C, Pow(D, Pow(E))))). Fortunately, Key is required to be mod a prime number P
Connect to Server to get A, B, C, D, E & P and Help the Sherlock Holmes to get the key.
You netcat to the server and, sure enough, get back a random question that is much too complicated for even a supercomputer to calculate directly. The point of the problem is that since the key is taken mod a prime number, you can use clever Euclidean mathematics to greatly simplify the brute-forcing involved. However, the best hackers know that you always go for the lowest-hanging fruit first.
It worked on the first try. =) Props to Derek for coming up with the idea.
```python
#!/usr/bin/python
import socket
import re
import sys
import urllib2

HOST = '23.23.190.204'
PORT = 2000

# connect to server
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))

# get rid of welcome message
data = s.recv(1024)

while True:
    data = s.recv(1024)
    print "\nRecv:\n" + data

    match = re.search(r'What is (.+) \?', data)
    if match:
        equ = match.group(1)
        print "equ = " + equ
    else:
        print 'Regex did not match'
        sys.exit()

    # make replacements
    equ = equ.replace('(', '%28')
    equ = equ.replace(')', '%29')
    equ = equ.replace(' ', '+')
    equ = equ.replace('^', '%5E')

    print "visiting: " + "http://www.wolframalpha.com/input/?i=" + equ
    data = urllib2.urlopen("http://www.wolframalpha.com/input/?i=" + equ).read()

    match = re.search(r'context.jsonArray.popups.pod_0200.push\( {"stringified": "(\d+)"', data)
    if match:
        answer = match.group(1)
        print "answer = " + answer
    else:
        print 'Error with Wolfram =('
        sys.exit()

    # send answer
    s.send(str(answer) + "\n")

    # get rid of header message
    data = s.recv(1024)
    print data
```
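For comparison, here is the intended mathematical shortcut computed locally, as an added example that is not part of the original post (Python 3, unlike the script above). It reduces each exponent with Euler's theorem, of which Fermat's little theorem is the prime-modulus case; the function names are hypothetical, it assumes the innermost Pow(E) is just E, and it assumes P is small enough that P - 1 and the totients below it can be factored by trial division.

```python
def phi(n):
    """Euler's totient via trial division (assumes n is small enough to factor)."""
    result, p = n, 2
    while p * p <= n:
        if n % p == 0:
            while n % p == 0:
                n //= p
            result -= result // p
        p += 1
    if n > 1:
        result -= result // n
    return result


def cap(x, m):
    """Return x unchanged if x < m, otherwise x mod m shifted into [m, 2m)."""
    return x if x < m else x % m + m


def cap_pow(base, exp, m):
    """Square-and-multiply where every product goes through cap()."""
    result, base = 1, cap(base, m)
    while exp:
        if exp & 1:
            result = cap(result * base, m)
        base = cap(base * base, m)
        exp >>= 1
    return result


def tower(xs, m):
    """Return a value congruent mod m to xs[0] ** (xs[1] ** (...)), xs positive."""
    if m == 1:
        return 1
    if len(xs) == 1:
        return cap(xs[0], m)
    # Euler: reduce the exponent modulo phi(m). cap() adds phi(m) back when the
    # exponent is large, so the reduction stays valid even if gcd(base, m) != 1.
    return cap_pow(xs[0], tower(xs[1:], phi(m)), m)


def solve(a, b, c, d, e, p):
    """Key = a^(b^(c^(d^e))) mod p."""
    return tower([a, b, c, d, e], p) % p


if __name__ == "__main__":
    # Constructed sample values, not taken from the challenge server.
    print(solve(2, 2, 2, 2, 2, 1000000007))
```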