emln/crypto2025
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
50c18f35b97af9fbdb1f94c7f24245e6bf13b40d
crypto2025/crypto-simmetric/forge-another-json-cookie/attack.py
emln 50c18f35b9 ALL the CTFS of Crypto2025 finally
2025-06-02 19:35:30 +02:00

57 lines
1.4 KiB
Python
Raw Blame History

#!/usr/bin/env python3
from Cryptodome.Cipher import AES
from Cryptodome.Util.Padding import pad, unpad
import json
import base64
from pwn import *
HOST = "130.192.5.212"
PORT = 6551
server = remote(HOST,PORT)
# 1 | 2 Block | 3 Block | 4 Block |
#RICORDA ALLA FINE C'e' SEMPRE " in PIU'
#name = 'aa true "a " '
# AGGIUNGI anche 'aa'
name = 'aa'+' '*(16-len('true')-1)+':true'+' '*(15)+'"'+'a'+' '*14+","+" "*15+' '*15+'"'+' '*15+' '*5+'a'
print(len(name))
#print(name)
print(server.recvline())
#print(server.recvline())
server.send(name)
server.send(b'\n')
tok = server.recvline()
tok = tok.split(b":")[1].strip()
print(tok)
server.recvline()
server.recvline()
server.recvline()
server.recvline()
server.send(b'flag\n')
print(server.recvline())
enc = base64.b64decode(tok)
tok = enc[0:16]+enc[112:128]+enc[16:32]+enc[64:80]+enc[48:64]+enc[96:112]+enc[128:144]
tok = base64.b64encode(tok).decode()
server.send(tok)
server.send(b'\n')
print(server.recvline())
print(server.recvline())
print(server.recvline())
print(server.recvline())
print(server.recvline())
print(server.recvline())
print(server.recvline())
print(server.recvline())
print(server.recvline())
#print(f"{payload} | len:{len(payload)}")
#token = json.dumps({
# "username": name,
#})
#enc = token.encode()
#for i in range(0,len(enc),16):
# print(enc[i:i+16])
#print(enc[0:16]+enc[112:128]+enc[16:32]+enc[64:80]+enc[48:64]+enc[96:112]+enc[128:144])
Reference in New Issue View Git Blame Copy Permalink