ALL the CTFS of Crypto2025 finally

2025-06-02 19:35:30 +02:00
parent aa0fe54b3b
commit 50c18f35b9
442 changed files with 1743 additions and 8 deletions
--- a/crypto-simmetric/forge-another-cookie/attack.py
+++ b/crypto-simmetric/forge-another-cookie/attack.py
@ -0,0 +1,40 @@
+#!/usr/bin/env python3
+
+from pwn import *
+from Cryptodome.Cipher import AES
+from Cryptodome.Util.Padding import pad, unpad
+from Cryptodome.Util.number import long_to_bytes, bytes_to_long
+HOST = "130.192.5.212"
+PORT = "6552"
+server = remote(HOST,PORT)
+sleepT = 0.1
+#21 bytes of cookie + username bytes to add
+"""firstBlock=b'username='+b'A'*7
+print(len(firstBlock))
+#secondBlock=pad(b'true',AES.block_size)
+thirdBlock=b'A'*9+b'&admin='
+print(len(firstBlock+thirdBlock))"""
+payload = b'A'*7+pad(b'true',AES.block_size)+b'B'*9
+# &admin in one block and false in another one
+# remove false and add true block
+print(server.recv(1024))
+sleep(sleepT)
+print(f"Sending:{payload,len(payload)}")
+server.send(payload)
+server.send(b'\n')
+sleep(sleepT)
+enc = server.recv(1024).strip().split(b'\n')[0]
+enc = int(enc)
+enc=long_to_bytes(enc)
+#print(enc[0:16])
+#print(enc[16:32])
+copypaste=enc[0:16]+enc[32:48]+enc[16:32]
+out=bytes_to_long(copypaste)
+sleep(sleepT)
+server.send(b'flag\n')
+print(server.recv(1024))
+sleep(sleepT)
+server.send(str(out))
+server.send(b'\n')
+print(server.recv(1024))
+sleep(sleepT)