added few ctfs

This commit is contained in:
2025-05-27 03:40:34 +02:00
parent 9fe7119118
commit e36053882b
62 changed files with 3981391 additions and 18 deletions

View File

@@ -1,15 +1,15 @@
from pwn import *
from pwn import process, remote
from base64 import b64encode, b64decode
import hlextend
KEY_LENGTH_BYTES = 16
LOCAL = True
LOCAL = True
if LOCAL:
p = process(["python", "main.py"])# Define functions for convenience
else:
p = remote("965850e570d3b775de1709a2-1024-intro-crypto-2.challenge.cscg.live", 1337, ssl=True)# Define functions for convenience
p = remote("2b571e00edfb5dd61b8f7f30-1024-intro-crypto-2.challenge.cscg.live", 1337, ssl=True)# Define functions for convenience
menu_string = b"\n 1. Register\n 2. Show animal videos\n 3. Show flag\n 4. Exit\n \nEnter your choice:"
@@ -31,12 +31,11 @@ def register() -> bytes:
p.sendline(b"Cat")
return p.recvuntil(b'\n').replace(b"\n", b"").split(b" ")[-1]
def show_flag(token: bytes):
def show_flag(token: str):
p.recvuntil(menu_string)
p.sendline(b"3")
p.recvuntil(b": ")
p.sendline(token)
interact()
token = register()
@@ -48,14 +47,19 @@ print(f"{token} : {string_token}")
print(f"{claims}")
print(f"{mac}")
injection = "|admin=true".encode("latin1")
sha_forge = hlextend.new('sha1')
forged_msg = sha_forge.extend(injection, claims, KEY_LENGTH_BYTES, mac.decode("latin1"))
print(forged_msg)
forged_mac = sha_forge.hexdigest()
secure_token = forged_msg + f"|mac={forged_mac}".encode("latin1")
print(secure_token)
secure_token = b64encode(secure_token).decode("latin1")
print("------------ attacked system ---------")
show_flag(secure_token)
p.interactive()
print(p.recvuntil(b":").decode())
p.close()