#!/usr/bin/env python3
from Cryptodome.Cipher import ChaCha20
from Cryptodome.Random import get_random_bytes
import json
import base64
def foo(name, nonce):
    """Scratch check of the token format; prints its findings, returns None.

    Builds the fixed JSON document ``{"admin": true}``, tests its ``admin``
    flag, then sends the bytes through a base64 encode/decode round trip and
    prints what a JSON parser recovers from them.

    ``name`` and ``nonce`` are accepted but never read: the per-user
    ``{"username": name}`` token is not built in this function.

    Nothing here encrypts or authenticates the token. base64 is a reversible
    encoding, so the round trip only shows that the JSON survives transport.
    """
    token = json.dumps({"admin": True})

    # `== True` also holds for the JSON numbers 1 and 1.0; a verifier that
    # must accept only a real boolean should compare with `is True`.
    is_admin = json.loads(token).get("admin", False) == True
    print("ADMIN achieved" if is_admin else "erorr")

    # Plain bytes of the token; no cipher is applied to them here.
    tc = token.encode()

    # Encode to base64 text and decode straight back, then parse the result.
    round_tripped = base64.b64decode(base64.b64encode(tc).decode())
    user = json.loads(round_tripped)

    print(user)
    print(user.get("admin", False))
    print(f"Token encoded: {tc}")
    print(f"Token:{token}")
# Run the local round-trip check first; foo() ignores both arguments.
foo("admin", 1)

# Print the plaintext JSON bytes a token for the entered username would
# carry. Knowing these bytes exactly is what makes an unauthenticated
# stream-cipher token forgeable, so the token format must not rely on the
# plaintext staying secret.
name = input("Give me name!\n").strip()
token = json.dumps({"username": name})
print(token.encode())
def attack():
    """Show interactively that an unauthenticated stream-cipher token can be rewritten.

    Reads a token of the form ``<nonce>.<base64 body>`` from stdin and treats
    the body as the JSON ``{"username": "aaaa"}`` XORed with a keystream.
    The issuing service is not part of this file; presumably it encrypts with
    ChaCha20, which the file imports but never calls -- confirm against it.
    XORing the known plaintext with the body yields keystream bytes, which are
    then XORed with ``{"admin": true}`` and re-emitted under the same nonce.
    Prints the intermediate lengths and the resulting token; returns None.

    Defensive takeaway: encryption alone does not protect a token's content.
    The issuer should use an AEAD construction such as ChaCha20-Poly1305, or a
    MAC over nonce and ciphertext, reject any token whose tag does not verify,
    and derive privileges from server-side state rather than from a
    client-held field.

    Raises:
        ValueError: if the input does not contain exactly one "." or the body
            is not valid base64.
    """
    enc_token = input("Give me the token:")
    nonce, token = enc_token.split(".")
    print(f"{nonce}, {token}")

    # Plaintext assumed to be inside the supplied token, and the plaintext
    # that will replace it.
    known_plain = json.dumps({"username": "aaaa"}).encode()
    wanted_plain = json.dumps({"admin": True}).encode()

    cipher_bytes = base64.b64decode(token)
    print(f"Len payload:{len(known_plain)} Len tok:{len(cipher_bytes)}")

    # ciphertext XOR known plaintext = keystream. zip() stops at the shorter
    # input, so a short body silently produces a short keystream.
    keystream = bytes(p ^ c for p, c in zip(known_plain, cipher_bytes))
    print(len(keystream))

    # The same keystream bytes re-encode the replacement plaintext; nothing in
    # the token format lets a receiver notice the change.
    forged = bytes(w ^ k for w, k in zip(wanted_plain, keystream))
    print(f"admin Token:{forged} len admin Payload:{len(wanted_plain)} lenTok:{len(forged)}")
    print(f"{nonce}.{base64.b64encode(forged).decode()}")
#for i,j in zip(tok,payload):
# print(bytes(i^j))
#print(keystream)
#attack("j5l1MgGWqU06x2GvgXGEnXkoFPs=")
# Script entry: runs the interactive demonstration defined above; it blocks
# until a token is supplied on stdin.
attack()