CSAW 2016: Regexpire - Misc, 100pts

I thought I found a perfect match but she ended up being my regEx girlfriend.

Regexpire was a challenge to test your knowledge of regular expressions and scripting skill. When connecting to the server, you are presented with a regular expression and are expected to input a string that matches the regular expression within a very short time. To address this problem, I wrote a Python script that reads the incoming regular expressions and creates a string that very crudely matches the regular expressions. I achieved this merely through a bunch of conditionals that would behave differently upon seing "[", "(", "{", "+", "*", "\", and normal characters. The code can be seen here: regexpire.py

The script would scan through the entire regex character by character. Once a "(" or "[" bracket was detected, the script would merely add the first character it could in cases like "[a-z]" and the first word in cases like "(dog|cat)" to the output. The script also stores the last thing it added, so when "{" is detected, it merely adds the appropriate amount of characters to the output. As for "+" and "*", the script would add nothing since a single appearance of the previous character is sufficient. Upon seeing a "\", I wrote another method that looks at the character directly after the "\" and outputs the appropriate category of character (number, letter, etc.). And lastly, upon seeing a stand alone character, it merely adds that character to the output. The result is a string that fits the regular expression given. This script took a lot of trouble shooting to write, but it handled enough regex information to return about 1000 valid strings to the server. Once enough valid strings were returned to the server, it sent back the flag.

This post was originally uploaded on aaroncook.xyz