ALL the CTFS of Crypto2025 finally

2025-06-02 19:35:30 +02:00
parent aa0fe54b3b
commit 50c18f35b9
442 changed files with 1743 additions and 8 deletions
--- a/crypto-simmetric/forge-another-json-cookie/attack.py
+++ b/crypto-simmetric/forge-another-json-cookie/attack.py
@ -0,0 +1,56 @@
+#!/usr/bin/env python3
+
+from Cryptodome.Cipher import AES
+from Cryptodome.Util.Padding import pad, unpad
+import json
+import base64
+from pwn import *
+HOST = "130.192.5.212"
+PORT = 6551
+
+server = remote(HOST,PORT)
+
+#      1  |    2 Block    |    3 Block |  4 Block       |
+#RICORDA ALLA FINE C'e' SEMPRE " in PIU'
+#name = 'aa            true              "a               " '
+# AGGIUNGI anche 'aa'
+name = 'aa'+' '*(16-len('true')-1)+':true'+' '*(15)+'"'+'a'+' '*14+","+" "*15+' '*15+'"'+' '*15+' '*5+'a'
+print(len(name))
+#print(name)
+
+print(server.recvline())
+#print(server.recvline())
+server.send(name)
+server.send(b'\n')
+tok = server.recvline()
+tok = tok.split(b":")[1].strip()
+print(tok)
+server.recvline()
+server.recvline()
+server.recvline()
+server.recvline()
+server.send(b'flag\n')
+print(server.recvline())
+enc = base64.b64decode(tok)
+tok = enc[0:16]+enc[112:128]+enc[16:32]+enc[64:80]+enc[48:64]+enc[96:112]+enc[128:144]
+tok = base64.b64encode(tok).decode()
+server.send(tok)
+server.send(b'\n')
+print(server.recvline())
+print(server.recvline())
+print(server.recvline())
+print(server.recvline())
+print(server.recvline())
+print(server.recvline())
+print(server.recvline())
+print(server.recvline())
+print(server.recvline())
+#print(f"{payload} | len:{len(payload)}")
+#token = json.dumps({
+#    "username": name,
+
+#})
+#enc = token.encode()
+#for i in range(0,len(enc),16):
+#    print(enc[i:i+16])
+#print(enc[0:16]+enc[112:128]+enc[16:32]+enc[64:80]+enc[48:64]+enc[96:112]+enc[128:144])
--- a/crypto-simmetric/forge-another-json-cookie/chall.py
+++ b/crypto-simmetric/forge-another-json-cookie/chall.py
@ -0,0 +1,63 @@
+from Crypto.Cipher import AES
+from Crypto.Util.Padding import pad, unpad
+from Crypto.Random import get_random_bytes
+from secret import flag
+import json
+import base64
+
+key = get_random_bytes(32)
+
+
+def get_user_token(name):
+    cipher = AES.new(key=key, mode=AES.MODE_ECB)
+    token = json.dumps({
+        "username": name,
+        "admin": False
+    })
+
+    enc_token = cipher.encrypt(pad(token.encode(), AES.block_size))
+    return f"{base64.b64encode(enc_token).decode()}"
+
+
+def check_user_token(token):
+    cipher = AES.new(key=key, mode=AES.MODE_ECB)
+    dec_token = unpad(cipher.decrypt(base64.b64decode(token)), AES.block_size)
+
+    user = json.loads(dec_token)
+
+    if user.get("admin", False) == True:
+        return True
+    else:
+        return False
+
+
+def get_flag():
+    token = input("What is your token?\n> ").strip()
+    if check_user_token(token):
+        print("You are admin!")
+        print(f"This is your flag!\n{flag}")
+    else:
+        print("HEY! WHAT ARE YOU DOING!?")
+        exit(1)
+
+
+if __name__ == "__main__":
+    name = input("Hi, please tell me your name!\n> ").strip()
+    token = get_user_token(name)
+    print("This is your token: " + token)
+
+    menu = \
+        "What do you want to do?\n" + \
+        "quit - quit the program\n" + \
+        "help - show this menu again\n" + \
+        "flag - get the flag\n" + \
+        "> "
+    while True:
+        cmd = input(menu).strip()
+
+        if cmd == "quit":
+            break
+        elif cmd == "help":
+            continue
+        elif cmd == "flag":
+            get_flag()