from Crypto.Cipher import AES
from Crypto.Util.Padding import pad
from pwn import *
# Single TCP connection to the CTF challenge service; f_send() and the two
# rounds below all talk through this module-level handle.
r = remote(host="crypto.2021.chall.actf.co", port=21112)
def f_send(text):
    """Send one query on the shared connection `r` and return the reply line.

    Waits for the ': ' prompt, sends `text` followed by a newline, then reads
    up to and including the next newline.

    Args:
        text: the payload to send; callers in this file pass a hex string.

    Returns:
        The reply with its last byte (the newline delimiter) removed, in
        whatever type recvuntil() returns.
    """
    r.sendlineafter(': ', text)
    # recvuntil() keeps the delimiter, so slice off the trailing newline.
    return r.recvuntil('\n')[:-1]
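# NOTE(review): the service's code is not on this page. The print labels
# (P1/P2/C1/C0) and the XOR below suggest it replaces the literal '{}' in the
# submitted bytes with a secret and returns the hex of a CBC-mode *decryption*
# of the result. Confirm this against the challenge source.
# Under that assumption each output block is D(C_i) ^ C_(i-1). When the last
# two submitted blocks are identical and known, the keyed term D(.) cancels
# and the block in front of them falls out as: known ^ out_last ^ out_prev.
# Defensive reading: the leak comes from returning raw decryptions of input
# that places a secret next to caller-chosen blocks. No key is recovered.

print('[*] Round 1')

# Poisoned plaintext: 7 filler bytes, the '{}' marker, then 32 filler bytes,
# so the submission ends in two identical 16-byte blocks of 'a'.
pd1 = 'a'*7 + '{}' + 'a'*32
pd1 = pd1.encode().hex()
print('\t| pd1: {0}'.format(pd1))

# Round 1
y = f_send(pd1)
print('\t| server response: {0}'.format(y))

# Last two 16-byte blocks of the hex reply (32 hex digits each).
y2 = int(y[-64:-32], 16)
y3 = int(y[-32:], 16)
# Second-to-last block we sent: sixteen 'a' bytes, taken from our own hex.
c2 = int(pd1[-64:-32], 16)

# XOR of the known block with the two reply blocks yields the 16 bytes that
# sat directly before the filler (the tail of the substituted secret, if the
# assumption above holds).
flag_2 = ((c2 ^ y3) ^ y2).to_bytes(16, 'big')

print('\t| P1: {0}'.format(hex(y2)[2:]))
print('\t| P2: {0}'.format(hex(y3)[2:]))
print('\t| C1: {0}'.format(hex(c2)[2:]))
print('[+] C0: {0}'.format(flag_2))

print('[*] Round 2')

# Poisoned plaintext: same 7-byte filler and marker, now followed by the
# block recovered in round 1, so that block again appears twice in a row.
# decode('ascii') raises UnicodeDecodeError if the recovered block is not
# ASCII, which doubles as a sanity check on round 1.
pd2 = 'a'*7 + '{}' + flag_2.decode('ascii')
pd2 = pd2.encode().hex()
# Fixed label: this line prints pd2 (it previously said 'pd1').
print('\t| pd2: {0}'.format(pd2))

# Round 2
y = f_send(pd2)
print('\t| server response: {0}'.format(y))

y2 = int(y[-64:-32], 16)
y3 = int(y[-32:], 16)
# The known repeated block is now the round-1 result itself.
c2 = int.from_bytes(flag_2, 'big')

# Same cancellation as round 1, one block earlier: this is the first block,
# i.e. the 7 filler bytes followed by the start of the secret.
flag_1 = ((c2 ^ y3) ^ y2).to_bytes(16, 'big')

print('\t| P1: {0}'.format(hex(y2)[2:]))
print('\t| P2: {0}'.format(hex(y3)[2:]))
print('\t| C1: {0}'.format(hex(c2)[2:]))
print('[+] C0: {0}'.format(flag_1))

# Strip the 7 filler bytes from the first block and append the second.
print('[+] Flag: {0}'.format(flag_1[7:] + flag_2))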