fix: update aes
This commit is contained in:
@@ -1,37 +1,34 @@
|
||||
from pwn import *
|
||||
from flag import flag
|
||||
from Crypto.Cipher import AES
|
||||
from hashlib import sha256
|
||||
import base64
|
||||
|
||||
flag = b''
|
||||
first_flag = b''
|
||||
wordlist = b'123456789qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM{}_'
|
||||
wordlist = b'0123456789qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM{}_'
|
||||
for i in range(16):
|
||||
for j in wordlist:
|
||||
r = remote("127.0.0.1", 10002)
|
||||
r = remote("172.20.14.117", 65311)
|
||||
payload = b'0'*(16-5) + b'0' * (15 - i)\
|
||||
+ first_flag + j.to_bytes() + \
|
||||
b'0' * (15 - i)
|
||||
r.sendline(payload)
|
||||
cipher = r.recvline()
|
||||
r.close()
|
||||
cipher = base64.b64decode(cipher)
|
||||
if cipher[16:32] == cipher[32:48]:
|
||||
first_flag = first_flag + j.to_bytes()
|
||||
break
|
||||
|
||||
|
||||
last_flag = b''
|
||||
for i in range(21-16):
|
||||
for j in wordlist:
|
||||
r = remote("127.0.0.1", 10002)
|
||||
r = remote("172.20.14.117", 65311)
|
||||
payload = b'0' * 11 + j.to_bytes() + \
|
||||
last_flag + b'0' * 27
|
||||
r.sendline(payload)
|
||||
cipher = r.recvline()
|
||||
r.close()
|
||||
cipher= base64.b64decode(cipher)
|
||||
if cipher[16:32] == cipher[64:80]:
|
||||
last_flag = j.to_bytes() + last_flag
|
||||
break
|
||||
|
||||
break
|
||||
|
||||
print(first_flag + last_flag)
|
13
xiaosai/ecb_padding/dockerfile
Normal file
13
xiaosai/ecb_padding/dockerfile
Normal file
@@ -0,0 +1,13 @@
|
||||
FROM python:latest
|
||||
|
||||
RUN pip install pycryptodome -i https://pypi.tuna.tsinghua.edu.cn/simple
|
||||
|
||||
COPY flag.py /app/
|
||||
|
||||
COPY main.py /app/
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
EXPOSE 10002
|
||||
|
||||
CMD [ "python", "main.py" ]
|
@@ -1 +1 @@
|
||||
flag = b'flag{eCb_is_not_SafE}'
|
||||
flag = b'0xFA{eCb_is_not_SafE}'
|
@@ -38,12 +38,11 @@ class Task(socketserver.BaseRequestHandler):
|
||||
data = self.recv(prompt=b'')
|
||||
data = b'cqupt'+ data + flag
|
||||
# len(flag) == 21
|
||||
# wordlist = b'123456789qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM{}_'
|
||||
# wordlist = b'0123456789qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM{}_'
|
||||
if len(data)%16 != 0:
|
||||
pad = b'0' * (16 - len(data)%16)
|
||||
data = data + pad
|
||||
cipher = aes.encrypt(data)
|
||||
print(aes.decrypt(cipher))
|
||||
cipher = base64.b64encode(cipher)
|
||||
self.send(cipher)
|
||||
|
||||
|
Reference in New Issue
Block a user