fix: update aes
This commit is contained in:
@@ -1,20 +1,17 @@
|
|||||||
from pwn import *
|
from pwn import *
|
||||||
from flag import flag
|
|
||||||
from Crypto.Cipher import AES
|
|
||||||
from hashlib import sha256
|
|
||||||
import base64
|
import base64
|
||||||
|
|
||||||
flag = b''
|
|
||||||
first_flag = b''
|
first_flag = b''
|
||||||
wordlist = b'123456789qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM{}_'
|
wordlist = b'0123456789qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM{}_'
|
||||||
for i in range(16):
|
for i in range(16):
|
||||||
for j in wordlist:
|
for j in wordlist:
|
||||||
r = remote("127.0.0.1", 10002)
|
r = remote("172.20.14.117", 65311)
|
||||||
payload = b'0'*(16-5) + b'0' * (15 - i)\
|
payload = b'0'*(16-5) + b'0' * (15 - i)\
|
||||||
+ first_flag + j.to_bytes() + \
|
+ first_flag + j.to_bytes() + \
|
||||||
b'0' * (15 - i)
|
b'0' * (15 - i)
|
||||||
r.sendline(payload)
|
r.sendline(payload)
|
||||||
cipher = r.recvline()
|
cipher = r.recvline()
|
||||||
|
r.close()
|
||||||
cipher = base64.b64decode(cipher)
|
cipher = base64.b64decode(cipher)
|
||||||
if cipher[16:32] == cipher[32:48]:
|
if cipher[16:32] == cipher[32:48]:
|
||||||
first_flag = first_flag + j.to_bytes()
|
first_flag = first_flag + j.to_bytes()
|
||||||
@@ -23,15 +20,15 @@ for i in range(16):
|
|||||||
last_flag = b''
|
last_flag = b''
|
||||||
for i in range(21-16):
|
for i in range(21-16):
|
||||||
for j in wordlist:
|
for j in wordlist:
|
||||||
r = remote("127.0.0.1", 10002)
|
r = remote("172.20.14.117", 65311)
|
||||||
payload = b'0' * 11 + j.to_bytes() + \
|
payload = b'0' * 11 + j.to_bytes() + \
|
||||||
last_flag + b'0' * 27
|
last_flag + b'0' * 27
|
||||||
r.sendline(payload)
|
r.sendline(payload)
|
||||||
cipher = r.recvline()
|
cipher = r.recvline()
|
||||||
|
r.close()
|
||||||
cipher= base64.b64decode(cipher)
|
cipher= base64.b64decode(cipher)
|
||||||
if cipher[16:32] == cipher[64:80]:
|
if cipher[16:32] == cipher[64:80]:
|
||||||
last_flag = j.to_bytes() + last_flag
|
last_flag = j.to_bytes() + last_flag
|
||||||
break
|
break
|
||||||
|
|
||||||
|
|
||||||
print(first_flag + last_flag)
|
print(first_flag + last_flag)
|
||||||
13
xiaosai/ecb_padding/dockerfile
Normal file
13
xiaosai/ecb_padding/dockerfile
Normal file
@@ -0,0 +1,13 @@
|
|||||||
|
FROM python:latest
|
||||||
|
|
||||||
|
RUN pip install pycryptodome -i https://pypi.tuna.tsinghua.edu.cn/simple
|
||||||
|
|
||||||
|
COPY flag.py /app/
|
||||||
|
|
||||||
|
COPY main.py /app/
|
||||||
|
|
||||||
|
WORKDIR /app
|
||||||
|
|
||||||
|
EXPOSE 10002
|
||||||
|
|
||||||
|
CMD [ "python", "main.py" ]
|
||||||
@@ -1 +1 @@
|
|||||||
flag = b'flag{eCb_is_not_SafE}'
|
flag = b'0xFA{eCb_is_not_SafE}'
|
||||||
@@ -38,12 +38,11 @@ class Task(socketserver.BaseRequestHandler):
|
|||||||
data = self.recv(prompt=b'')
|
data = self.recv(prompt=b'')
|
||||||
data = b'cqupt'+ data + flag
|
data = b'cqupt'+ data + flag
|
||||||
# len(flag) == 21
|
# len(flag) == 21
|
||||||
# wordlist = b'123456789qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM{}_'
|
# wordlist = b'0123456789qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM{}_'
|
||||||
if len(data)%16 != 0:
|
if len(data)%16 != 0:
|
||||||
pad = b'0' * (16 - len(data)%16)
|
pad = b'0' * (16 - len(data)%16)
|
||||||
data = data + pad
|
data = data + pad
|
||||||
cipher = aes.encrypt(data)
|
cipher = aes.encrypt(data)
|
||||||
print(aes.decrypt(cipher))
|
|
||||||
cipher = base64.b64encode(cipher)
|
cipher = base64.b64encode(cipher)
|
||||||
self.send(cipher)
|
self.send(cipher)
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user