预期解

crypto/hard_pow/crack.py

@@ -0,0 +1,57 @@
+import hashpumpy
+import hashlib
+import itertools
+from pwn import * # type: ignore
+import string
+import re
+
+context.log_level = 'debug'
+
+conn = remote("localhost",10001)
+strings = conn.recvline().decode('utf-8')
+alpha_bet = string.ascii_lowercase + string.digits
+strlist = itertools.permutations(alpha_bet, 5)
+obj = re.search('\w{32}', strings)[0] # type: ignore
+obj2 = re.search('\w{15}', strings)[0] # type: ignore
+
+for i in strlist:
+    data=i[0]+i[1]+i[2]+i[3]+i[4]+obj2
+    data_sha=hashlib.md5(data.encode('utf-8')).hexdigest()
+    if(data_sha==obj):
+        conn.sendline(data[:5].encode())
+        break
+
+
+string1 = conn.recvline().decode()
+conn.recvline()
+
+md5hash = re.search('\w{32}', string1)[0] # type: ignore
+md5plain = re.search('\w{16}', string1)[0] # type: ignore
+a = hashpumpy.hashpump(md5hash,md5plain,"1",4)
+
+payload1 = a[0].encode()
+payload2 = a[1]
+
+conn.sendline(payload1)
+conn.sendline(payload2)
+
+response = conn.recvline()
+
+string1 = conn.recvline().decode()
+conn.recvline()
+
+
+
+md5hash = re.search('\w{32}', string1)[0] # type: ignore
+md5plain = re.search('\w{12}', string1)[0] # type: ignore
+a = hashpumpy.hashpump(md5hash,md5plain,"ilove0xfa",8)
+
+payload_md5 = a[0].encode()
+payload2 = a[1]
+
+conn.sendline(payload_md5)
+conn.sendline(payload2)
+
+response = conn.recvall()
+
+conn.close()

crypto/hard_pow/crack1.py

@@ -0,0 +1,24 @@
+import hashpumpy
+import hashlib
+import itertools
+from pwn import *
+import string
+
+context.log_level = 'debug'
+
+r=remote("localhost",10001)
+strings=r.recvline().decode('utf-8')
+alpha_bet = string.ascii_lowercase + string.digits
+strlist = itertools.permutations(alpha_bet, 5)
+obj = re.search('\w{32}', strings)[0]
+obj2 = re.search('\w{15}', strings)[0]
+
+for i in strlist:
+    data=i[0]+i[1]+i[2]+i[3]+i[4]+obj2
+    data_sha=hashlib.md5(data.encode('utf-8')).hexdigest()
+    if(data_sha==obj):
+        print(data[:5])
+        r.sendline(data[:5].encode())
+        break
+r.recvline()
+r.close()

crypto/hard_pow/crack2.py

@@ -0,0 +1,37 @@
+from pwn import *
+import hashpumpy
+import re
+context.log_level = 'debug'
+
+conn = remote('localhost', 10001)  # 替换为实际的主机名和端口号
+
+# 接收服务器的欢迎消息
+string1 = conn.recvline().decode()
+conn.recvline()
+
+
+
+md5hash = re.search('\w{32}', string1)[0]
+md5plain = re.search('\w{16}', string1)[0]
+a = hashpumpy.hashpump(md5hash,md5plain,"1",4)
+
+# 发送数据到服务器
+payload1 = a[0]
+payload2 = a[1]
+
+conn.sendline(payload1)
+conn.sendline(payload2)
+
+
+# 接收并打印服务器的回复
+response = conn.recvall()
+print("Server response:", response)
+
+# 关闭连接
+conn.close()
+
+
+
+
+
+

crypto/hard_pow/crack3.py

@@ -0,0 +1,37 @@
+from pwn import *
+import hashpumpy
+import re
+context.log_level = 'debug'
+
+conn = remote('localhost', 10001)  # 替换为实际的主机名和端口号
+
+# 接收服务器的欢迎消息
+string1 = conn.recvline().decode()
+conn.recvline()
+conn.recvline()
+
+
+
+md5hash = re.search('\w{32}', string1)[0]
+md5plain = re.search('\w{12}', string1)[0]
+a = hashpumpy.hashpump(md5hash,md5plain,"ilove0xfa",8)
+
+# 发送数据到服务器
+payload_md5 = a[0].encode()
+payload2 = a[1]
+
+conn.sendline(payload_md5)
+conn.sendline(payload2)
+
+
+# 接收并打印服务器的回复
+response = conn.recvall()
+
+# 关闭连接
+conn.close()
+
+
+
+
+
+