sangge/2023_Newbie_Contest_Question_Creation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

预期解

Browse Source
This commit is contained in:
sangge
2023-08-25 02:50:21 +08:00
parent 1730fd56e8
commit a3ed07d357
4 changed files with 155 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
crypto/hard_pow/crack.py Normal file
View File

@@ -0,0 +1,57 @@
import hashpumpy
import hashlib
import itertools
from pwn import * # type: ignore
import string
import re
context.log_level = 'debug'
conn = remote("localhost",10001)
strings = conn.recvline().decode('utf-8')
alpha_bet = string.ascii_lowercase + string.digits
strlist = itertools.permutations(alpha_bet, 5)
obj = re.search('\w{32}', strings)[0] # type: ignore
obj2 = re.search('\w{15}', strings)[0] # type: ignore
for i in strlist:
data=i[0]+i[1]+i[2]+i[3]+i[4]+obj2
data_sha=hashlib.md5(data.encode('utf-8')).hexdigest()
if(data_sha==obj):
conn.sendline(data[:5].encode())
break
string1 = conn.recvline().decode()
conn.recvline()
md5hash = re.search('\w{32}', string1)[0] # type: ignore
md5plain = re.search('\w{16}', string1)[0] # type: ignore
a = hashpumpy.hashpump(md5hash,md5plain,"1",4)
payload1 = a[0].encode()
payload2 = a[1]
conn.sendline(payload1)
conn.sendline(payload2)
response = conn.recvline()
string1 = conn.recvline().decode()
conn.recvline()
md5hash = re.search('\w{32}', string1)[0] # type: ignore
md5plain = re.search('\w{12}', string1)[0] # type: ignore
a = hashpumpy.hashpump(md5hash,md5plain,"ilove0xfa",8)
payload_md5 = a[0].encode()
payload2 = a[1]
conn.sendline(payload_md5)
conn.sendline(payload2)
response = conn.recvall()
conn.close()

24
crypto/hard_pow/crack1.py Normal file
View File

@@ -0,0 +1,24 @@
import hashpumpy
import hashlib
import itertools
from pwn import *
import string
context.log_level = 'debug'
r=remote("localhost",10001)
strings=r.recvline().decode('utf-8')
alpha_bet = string.ascii_lowercase + string.digits
strlist = itertools.permutations(alpha_bet, 5)
obj = re.search('\w{32}', strings)[0]
obj2 = re.search('\w{15}', strings)[0]
for i in strlist:
data=i[0]+i[1]+i[2]+i[3]+i[4]+obj2
data_sha=hashlib.md5(data.encode('utf-8')).hexdigest()
if(data_sha==obj):
print(data[:5])
r.sendline(data[:5].encode())
break
r.recvline()
r.close()

37
crypto/hard_pow/crack2.py Normal file
View File

@@ -0,0 +1,37 @@
from pwn import *
import hashpumpy
import re
context.log_level = 'debug'
conn = remote('localhost', 10001) # 替换为实际的主机名和端口号
# 接收服务器的欢迎消息
string1 = conn.recvline().decode()
conn.recvline()
md5hash = re.search('\w{32}', string1)[0]
md5plain = re.search('\w{16}', string1)[0]
a = hashpumpy.hashpump(md5hash,md5plain,"1",4)
# 发送数据到服务器
payload1 = a[0]
payload2 = a[1]
conn.sendline(payload1)
conn.sendline(payload2)
# 接收并打印服务器的回复
response = conn.recvall()
print("Server response:", response)
# 关闭连接
conn.close()

37
crypto/hard_pow/crack3.py Normal file
View File

@@ -0,0 +1,37 @@
from pwn import *
import hashpumpy
import re
context.log_level = 'debug'
conn = remote('localhost', 10001) # 替换为实际的主机名和端口号
# 接收服务器的欢迎消息
string1 = conn.recvline().decode()
conn.recvline()
conn.recvline()
md5hash = re.search('\w{32}', string1)[0]
md5plain = re.search('\w{12}', string1)[0]
a = hashpumpy.hashpump(md5hash,md5plain,"ilove0xfa",8)
# 发送数据到服务器
payload_md5 = a[0].encode()
payload2 = a[1]
conn.sendline(payload_md5)
conn.sendline(payload2)
# 接收并打印服务器的回复
response = conn.recvall()
# 关闭连接
conn.close()