emln/crypto2025
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CTFs and solutions

Browse Source
This commit is contained in:
emln
2025-04-27 19:24:27 +02:00
commit aa0fe54b3b
426 changed files with 2756 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
forge-a-cookie/attack.py Normal file
View File

@ -0,0 +1,58 @@
#!/usr/bin/env python3
from Cryptodome.Cipher import ChaCha20
from Cryptodome.Random import get_random_bytes
import json
import base64
def foo(name,nonce):
#token = json.dumps({
# "username" : name
#})
token = json.dumps({
"admin" : True
})
if json.loads(token).get("admin",False) == True:
print("ADMIN achieved")
else:
print("erorr")
#ENCRYPTED token.encode()
tc = token.encode()
etc = base64.b64encode(tc).decode()
dec_token = base64.b64decode(etc)
user = json.loads(dec_token)
print(user)
print(user.get("admin",False))
print(f"Token encoded: {tc}")
print(f"Token:{token}")
foo("admin",1)
name = input("Give me name!\n").strip()
token = json.dumps({
"username" : name
})
print(token.encode())
def attack():
enc_token = input("Give me the token:")
nonce, token = enc_token.split(".")
print(f"{nonce}, {token}")
payload = json.dumps({
"username" : "aaaa"
}).encode()
adminPayload = json.dumps({
"admin" : True
}).encode()
adminTok = b''
tok = base64.b64decode(token)
keystream = b''
print(f"Len payload:{len(payload)} Len tok:{len(tok)}")
keystream = bytes([p ^ t for p, t in zip(payload, tok)])
print(len(keystream))
adminTok = bytes([aP ^ k for aP, k in zip(adminPayload, keystream)])
print(f"admin Token:{adminTok} len admin Payload:{len(adminPayload)} lenTok:{len(adminTok)}")
print(f"{nonce}.{base64.b64encode(adminTok).decode()}")
#for i,j in zip(tok,payload):
# print(bytes(i^j))
#print(keystream)
#attack("j5l1MgGWqU06x2GvgXGEnXkoFPs=")
attack()

80
forge-a-cookie/chall.py Normal file
View File

@ -0,0 +1,80 @@
from Cryptodome.Cipher import ChaCha20
from Cryptodome.Random import get_random_bytes
#from secret import flag
import json
import base64
key = get_random_bytes(32)
def make_cipher():
nonce = get_random_bytes(12)
cipher = ChaCha20.new(key=key, nonce=nonce)
return nonce, cipher
def get_user_token(name):
nonce, cipher = make_cipher()
token = json.dumps({
"username": name
})
#token = json.dumps({
# "admin": True
#})
print(f"{token.encode()}")
enc_token = cipher.encrypt(token.encode())
print(f"ENC_TOKEN:{enc_token}, NONCE:{nonce}")
return f"{base64.b64encode(nonce).decode()}.{base64.b64encode(enc_token).decode()}"
def check_user_token(token):
nonce, token = token.split(".")
#It uses the nonce from the token
nonce = base64.b64decode(nonce)
print(f"CHECK NONCE {nonce} TOKEN {base64.b64decode(token)}")
#Uses the same KEY used at the beginning
#cipher = ChaCha20.new(key=key, nonce=nonce)
cipher = ChaCha20.new(key=key, nonce=nonce)
#Obtain from the token and the nonce the key used
#at the beginning forge new cookie enjoy
dec_token = cipher.decrypt(base64.b64decode(token))
user = json.loads(dec_token)
print(user.get("admin",False))
if user.get("admin", False) == True:
return True
else:
return False
def get_flag(token):
#token = input("What is your token?\n> ").strip()
if check_user_token(token):
print("You are admin!")
print(f"This is your flag!\nPUPPA")
else:
print("HEY! WHAT ARE YOU DOING!?")
exit(1)
if __name__ == "__main__":
name = input("Hi, please tell me your name!\n> ").strip()
token = get_user_token(name)
print("This is your token: " + token)
menu = \
"What do you want to do?\n" + \
"quit - quit the program\n" + \
"help - show this menu again\n" + \
"flag - get the flag\n" + \
"> "
while True:
cmd = input(menu).strip()
if cmd == "quit":
break
elif cmd == "help":
continue
elif cmd == "flag":
#check_user_token(token)
get_flag(token)