hm0x14-ctf/rc4/crypto2/solution.py

import requests
from binascii import hexlify, unhexlify

url = 'http://192.168.0.222:5000'

# Any registered username and password
username = 'myBLfLEDraYh3Dq'
password = '9GQLqu39EviKw'

# default comment and any much longer string
original = 'No description yet'
description = 'stringadiversamapiulungastringadiversamapiulungastringa'.encode('ascii')

# do login
s = requests.session()
r = s.post(url + '/login', data={'username': username, 'password': password})

cur_iv = s.cookies['iv']

ciphertext1 = s.cookies['session']

# loop trough 256 requests to obtain a two time pad
for i in range(int(cur_iv), int(cur_iv)+256):
	s.post(url + '/user', data={'description': description})

	if s.cookies['iv'] == cur_iv:
		ciphertext2 = s.cookies['session']

for i in range(0, len(ciphertext1), 2):
	if ciphertext1[i:i+1] != ciphertext2[i:i+1]:
		break

# obtain new cookis with the original comment to flip the fals in true
s.post(url + '/user', data={'description': original})

cur_iv = s.cookies['iv']
uid = s.cookies['uid']

description = description.hex()
ciphertext1 = ciphertext1[i:]
ciphertext2 = ciphertext2[i:i+len(description)]

# xor our known plaintext with the given ciphertext to recover part of the rc4 stream
key = '{:x}'.format(int(ciphertext2, 16) ^ int(description, 16))[0:len(ciphertext1)]
# xor our known rc4 stream with the default comment on the same iteration to decrypt the final parte of the cookie
plaintext = unhexlify('{:x}'.format(int(key, 16) ^ int(ciphertext1, 16)))

# print the plaintext and notice it has a show_flag parameter
print('[*] Decrypted first cookie: ' + plaintext.decode('ascii'))

# xor 'true ' with 'false' to calculate the value to use to flip the ciphertext
flip = '{:x}'.format(int('true '.encode('ascii').hex(), 16) ^ int('false'.encode('ascii').hex(), 16))

cur_session = s.cookies['session']
# xor to obtain 'true ' from false'
flip = '{:x}'.format(int(flip, 16) ^ int(cur_session[-12:-2], 16))
session = cur_session[0:-12] + flip + cur_session[-2:]
# get the flag!
flag = requests.get(url + '/user', cookies={'iv': cur_iv, 'uid': uid, 'session': session})

print('[*] Got the flag: ' + flag.text)
Import 2019-05-14 16:29:52 +02:00			`import requests`
			`from binascii import hexlify, unhexlify`

			`url = 'http://192.168.0.222:5000'`

			`# Any registered username and password`
			`username = 'myBLfLEDraYh3Dq'`
			`password = '9GQLqu39EviKw'`

			`# default comment and any much longer string`
			`original = 'No description yet'`
			`description = 'stringadiversamapiulungastringadiversamapiulungastringa'.encode('ascii')`

			`# do login`
			`s = requests.session()`
			`r = s.post(url + '/login', data={'username': username, 'password': password})`

			`cur_iv = s.cookies['iv']`

			`ciphertext1 = s.cookies['session']`

			`# loop trough 256 requests to obtain a two time pad`
			`for i in range(int(cur_iv), int(cur_iv)+256):`
			`s.post(url + '/user', data={'description': description})`

			`if s.cookies['iv'] == cur_iv:`
			`ciphertext2 = s.cookies['session']`

			`for i in range(0, len(ciphertext1), 2):`
			`if ciphertext1[i:i+1] != ciphertext2[i:i+1]:`
			`break`

			`# obtain new cookis with the original comment to flip the fals in true`
			`s.post(url + '/user', data={'description': original})`

			`cur_iv = s.cookies['iv']`
			`uid = s.cookies['uid']`

			`description = description.hex()`
			`ciphertext1 = ciphertext1[i:]`
			`ciphertext2 = ciphertext2[i:i+len(description)]`

			`# xor our known plaintext with the given ciphertext to recover part of the rc4 stream`
			`key = '{:x}'.format(int(ciphertext2, 16) ^ int(description, 16))[0:len(ciphertext1)]`
			`# xor our known rc4 stream with the default comment on the same iteration to decrypt the final parte of the cookie`
			`plaintext = unhexlify('{:x}'.format(int(key, 16) ^ int(ciphertext1, 16)))`

			`# print the plaintext and notice it has a show_flag parameter`
			`print('[*] Decrypted first cookie: ' + plaintext.decode('ascii'))`

			`# xor 'true ' with 'false' to calculate the value to use to flip the ciphertext`
			`flip = '{:x}'.format(int('true '.encode('ascii').hex(), 16) ^ int('false'.encode('ascii').hex(), 16))`

			`cur_session = s.cookies['session']`
			`# xor to obtain 'true ' from false'`
			`flip = '{:x}'.format(int(flip, 16) ^ int(cur_session[-12:-2], 16))`
			`session = cur_session[0:-12] + flip + cur_session[-2:]`
			`# get the flag!`
			`flag = requests.get(url + '/user', cookies={'iv': cur_iv, 'uid': uid, 'session': session})`

			`print('[*] Got the flag: ' + flag.text)`