Home Explore Help
Sign In
g
/
hm0x14-ctf
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
hm0x14-ctf
/
rc4
/
crypto2
/
solution.py

solution.py 2.1 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. import requests
    2. 

  2. from binascii import hexlify, unhexlify
    3. 

  3. 

  4. url = 'http://192.168.0.222:5000'
    5. 

  5. 

  6. # Any registered username and password
    7. 

  7. username = 'myBLfLEDraYh3Dq'
    8. 

  8. password = '9GQLqu39EviKw'
    9. 

  9. 

  10. # default comment and any much longer string
    11. 

  11. original = 'No description yet'
    12. 

  12. description = 'stringadiversamapiulungastringadiversamapiulungastringa'.encode('ascii')
    13. 

  13. 

  14. # do login
    15. 

  15. s = requests.session()
    16. 

  16. r = s.post(url + '/login', data={'username': username, 'password': password})
    17. 

  17. 

  18. cur_iv = s.cookies['iv']
    19. 

  19. 

  20. ciphertext1 = s.cookies['session']
    21. 

  21. 

  22. # loop trough 256 requests to obtain a two time pad
    23. 

  23. for i in range(int(cur_iv), int(cur_iv)+256):
    24. 

  24. 	s.post(url + '/user', data={'description': description})
    25. 

  25. 

  26. 	if s.cookies['iv'] == cur_iv:
    27. 

  27. 		ciphertext2 = s.cookies['session']
    28. 

  28. 

  29. for i in range(0, len(ciphertext1), 2):
    30. 

  30. 	if ciphertext1[i:i+1] != ciphertext2[i:i+1]:
    31. 

  31. 		break
    32. 

  32. 

  33. # obtain new cookis with the original comment to flip the fals in true
    34. 

  34. s.post(url + '/user', data={'description': original})
    35. 

  35. 

  36. cur_iv = s.cookies['iv']
    37. 

  37. uid = s.cookies['uid']
    38. 

  38. 

  39. description = description.hex()
    40. 

  40. ciphertext1 = ciphertext1[i:]
    41. 

  41. ciphertext2 = ciphertext2[i:i+len(description)]
    42. 

  42. 

  43. # xor our known plaintext with the given ciphertext to recover part of the rc4 stream
    44. 

  44. key = '{:x}'.format(int(ciphertext2, 16) ^ int(description, 16))[0:len(ciphertext1)]
    45. 

  45. # xor our known rc4 stream with the default comment on the same iteration to decrypt the final parte of the cookie
    46. 

  46. plaintext = unhexlify('{:x}'.format(int(key, 16) ^ int(ciphertext1, 16)))
    47. 

  47. 

  48. # print the plaintext and notice it has a show_flag parameter
    49. 

  49. print('[*] Decrypted first cookie: ' + plaintext.decode('ascii'))
    50. 

  50. 

  51. # xor 'true ' with 'false' to calculate the value to use to flip the ciphertext
    52. 

  52. flip = '{:x}'.format(int('true '.encode('ascii').hex(), 16) ^ int('false'.encode('ascii').hex(), 16))
    53. 

  53. 

  54. cur_session = s.cookies['session']
    55. 

  55. # xor to obtain 'true ' from false'
    56. 

  56. flip = '{:x}'.format(int(flip, 16) ^ int(cur_session[-12:-2], 16))
    57. 

  57. session = cur_session[0:-12] + flip + cur_session[-2:]
    58. 

  58. # get the flag!
    59. 

  59. flag = requests.get(url + '/user', cookies={'iv': cur_iv, 'uid': uid, 'session': session})
    60. 

  60. 

  61. print('[*] Got the flag: ' + flag.text)
    62.