-
Notifications
You must be signed in to change notification settings - Fork 64
/
Copy pathmitm_exp1.py
68 lines (57 loc) · 1.46 KB
/
mitm_exp1.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
from pwn import *
from hashlib import sha256
# context.log_level = 'debug'
r = remote('127.0.0.1', 10041)
r.recvuntil('token: ')
r.sendline('这里填写你的 token')
r.recvuntil('? ')
r.sendline('1')
def enc(name, extra):
r.recvuntil('? ')
r.sendline('Alice')
r.recvuntil('? ')
r.sendline(name.hex())
r.recvuntil('? ')
r.sendline(extra.hex())
r.recvuntil(':\n')
return bytes.fromhex(r.recvline().decode().strip())
def check(cipher):
r.recvuntil('? ')
r.sendline('Bob')
r.recvuntil(': ')
r.sendline(cipher.hex())
reply = r.recvline()
return b'Thanks' in reply
assert check(enc(b'abc', b'def'))
# 16 IV
# 7 text
# ? name
# 21 text
# flag
# ? extra
# 32 sha256
# 16 padding
def pad(msg):
n = 16 - len(msg) % 16
return msg + bytes([n]) * n
l = len(enc(b'', b''))
payload = b''
while len(enc(b'', payload)) == l:
payload += b'a'
flaglen = l + 16 - 16 - 32 - 16 - 7 - 21 - len(payload)
print(flaglen)
flag = b''
for i in range(flaglen):
namelen = 16 - (7 + 21 + flaglen - len(flag)) % 16 + 1
prefixlen = 7 + namelen + 21 + flaglen - len(flag) - 1
assert prefixlen % 16 == 0
for c in range(256):
payload = pad(bytes([c]) + flag + sha256(bytes([c]) + flag).digest())[len(flag)+1:]
ct = enc(namelen * b'a', payload)
if check(ct[prefixlen:-32-16]):
flag = bytes([c]) + flag
print(flag)
break
else:
print('not found')
exit(-1)