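from pwn import *

# Upper bound, in seconds, for connecting and for every blocking read below.
TIMEOUT = 10


def start(host='host', port=31337, timeout=TIMEOUT):
    """Open a TCP tube to the challenge service.

    Args:
        host: Hostname or address of the service. The default is the
            placeholder used on this page.
        port: TCP port of the service.
        timeout: Default timeout in seconds applied to the tube, so a
            stalled service does not block the script indefinitely.

    Returns:
        The connected pwntools ``remote`` tube.
    """
    return remote(host, port, timeout=timeout)


io = start()
# Wait for the prompt before sending; pwntools tubes work with bytes, not str.
io.recvuntil(b'> ')
io.sendline(b'test')
# recvall() reads until EOF and has no time limit unless one is passed, so it
# is bounded explicitly in case the service never closes the connection.
print(io.recvall(timeout=TIMEOUT))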
import requests
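# A Session keeps cookies and connection state across requests.
s = requests.Session()
# requests waits indefinitely unless a timeout is given, so pass one on every
# call. URL is not defined in this snippet and must be set before it runs.
r = s.post(URL, data={'u': 'a', 'p': 'b'}, timeout=10)
print(r.status_code)
# Only the first 300 characters of the body are shown to keep output readable.
print(r.text[:300])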
# Try each candidate in order and stop at the first response that contains the
# flag marker. `candidates` and `attempt` are defined outside this snippet.
for cand in candidates:
    response = attempt(cand)
    # The response is lower-cased so the bytes marker matches in any case.
    if b'flag{' not in response.lower():
        continue
    print('hit', cand)
    break
import base64
import binascii

# Two encodings of the same four bytes, decoded back to raw bytes.
hex_bytes = binascii.unhexlify('7069636f')
b64_bytes = base64.b64decode('cGljbw==')


def xor(data, key):
    """XOR *data* with *key*, repeating the key as often as needed.

    Both arguments are indexed as sequences of integers, so pass bytes-like
    values rather than str. An empty key with non-empty data raises
    ZeroDivisionError from the modulo.
    """
    mixed = bytearray()
    for pos, byte in enumerate(data):
        mixed.append(byte ^ key[pos % len(key)])
    return bytes(mixed)
from pwn import *

# Reference calls for pwntools packing and cyclic-pattern helpers. The results
# are discarded here, and `data` is not defined in this snippet.

# Pack an integer into 8 bytes; the byte order follows pwntools' context.
p64(0xdeadbeef)
# Pad a short read with NUL bytes up to 8 bytes, then unpack it as a 64-bit
# integer. NOTE(review): input longer than 8 bytes is presumably rejected by
# u64 - confirm and slice first if needed.
u64(data.ljust(8, b'\x00'))
# Generate a 200-byte cyclic pattern.
cyclic(200)
# Look up the offset of a 4-byte value within the cyclic pattern.
cyclic_find(0x6161616c)
import logging
# Configure the root logger at INFO with a "[LEVEL] message" line format.
# No filename is given, so records go to the default stream handler, not a file.
logging.basicConfig(
    format='[%(levelname)s] %(message)s',
    level=logging.INFO,
)
logging.log(logging.INFO, 'starting')
| Check | Reason |
|---|---|
| bytes vs str | most CTF bugs come from mixing them |
| timeouts | remote services hang; set them |
| save raw output | log every attempt worth keeping |
| parameterize host/port | challenge hosts and ports change; avoid hardcoding them |