#!/usr/bin/env python3 from Cryptodome.Random import get_random_bytes from pwn import * HOST = "130.192.5.212" PORT = "6544" lenFlag = len("CRYPTO25{}")+36 # 46 total server = remote(HOST, PORT) #padding1 + padding2 = 10 PAD_NUM = 10 #AES block 16 #server.send(b"enc\n") flagGuessed = b'' sleepT = 0.1 pad1Len = 0 pad2Len = 0 #print(server.recv(1024)) for i in range(1,6): pad=b'A'*(16-i) secondBlock=b'B'*16 thirdBlock=b'B'*16 print(server.recvline()) print(server.recvline()) print(server.recvline()) print(server.recvline()) server.send(b'enc\n') toSend = pad + secondBlock + thirdBlock print(f"Sending {toSend} with len {len(toSend)}") server.send( toSend.hex()) server.send(b'\n') ciphertext = server.recvline().strip(b"> >").strip() ciphertext = bytes.fromhex(ciphertext.decode('utf-8')) if ciphertext[16:32] == ciphertext[32:48]: pad1Len = i pad2Len = 10-i print(f"Found the right padding num:{pad1Len} and second pad len:{pad2Len}") break assert(pad1Len <= 6) assert(pad2Len > 0) print('-------') pad2Guessed = b'' sleepT = 0.1 for i in range(pad2Len): pad1 = b'A' * (16-pad1Len) data = b'B' * (16 - (len(pad2Guessed)+1) ) fPayload = data + pad2Guessed for g in range(255): assert(g != 255) print(server.recvline()) print(server.recvline()) print(server.recvline()) print(server.recvline()) guess = g.to_bytes() server.send(b'enc\n') toSend = pad1 + fPayload + guess + data print(f"Sending {toSend} with len {len(toSend)} and PAD2Len:{pad2Len}") server.send( toSend.hex()) server.send(b'\n') ciphertext = server.recvline().strip(b"> >").strip() ciphertext = bytes.fromhex(ciphertext.decode('utf-8')) print(ciphertext) #print(server.recv(4096)) #sleep(3) """try: ciphertext = server.recv(4096) ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b'\n')[0].strip().decode('utf-8')) #print(ciphertext) #ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b"\n")[0].decode('utf-8')) except: ciphertext = bytes.fromhex(ciphertext.split(b'\n')[4].strip(b" >").decode('utf-8')) #print(f"ERROR CIPHER:{ciphertext}") #g = g - 1 if ciphertext[16:32] == ciphertext[32:48]: print(f"Matched guess: {guess}") pad2Guessed += guess print(f"Already Guessed: {pad2Guessed}") break #sleep(sleepT)""" assert(len(pad2Guessed) == pad2Len) print(f"FOUND PADDING 2:{pad2Guessed}") #sleep(1000) firstBlock = b'' #already guessed 280043 for i in range(3): for j in range(16): pad1 = b'A' * (16-pad1Len) #data = b'B'*(16-pad2Len-(j+1)) data = b'B'*(16 - pad2Len - (len(firstBlock)+1) ) fPayload = data + firstBlock for guess in string.printable: guess = bytes(guess,'utf-8') server.send(b'enc\n') #server.recv(1024) sleep(sleepT) #The second pad can be whatever #if(len(firstBlock)>0): # toSend = pad1 + fPayload + firstBlock + guess + data #$else: toSend = pad1 + fPayload + pad2Guessed + guess + fPayload print(f"Payload len: {len(fPayload+pad2Guessed+guess+fPayload)}") print(f"Sending {toSend} with len {len(toSend)} and PAD2Len:{pad2Len}") server.send( toSend.hex()) server.send(b'\n') sleep(sleepT) #print(server.recv(4096)) #sleep(3) try: ciphertext = server.recv(4096) ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b'\n')[0].strip().decode('utf-8')) #print(ciphertext) #ciphertext = bytes.fromhex(ciphertext.strip(b" >").split(b"\n")[0].decode('utf-8')) except: ciphertext = bytes.fromhex(ciphertext.split(b'\n')[4].strip(b" >").decode('utf-8')) #print(f"ERROR CIPHER:{ciphertext}") #g = g - 1 if ciphertext[16:32] == ciphertext[32:48]: print(f"Matched guess: {guess}") firstBlock += guess print(f"FLAG Already Guessed: {firstBlock}") break