2023_Newbie_Contest_Question_Creation/xiaosai/ecb_padding/crack.py

from pwn import *
import base64

first_flag = b''
wordlist = b'0123456789qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM{}_'
for i in range(16):
    for j in wordlist:
        r = remote("172.20.14.117", 59250)
        payload = b'0'*(16-5) + b'0' * (15 - i)\
            + first_flag + j.to_bytes() + \
            b'0' * (15 - i)
        r.sendline(payload)
        cipher = r.recvline()
        r.close()
        cipher = base64.b64decode(cipher)
        if cipher[16:32] == cipher[32:48]:
            first_flag = first_flag + j.to_bytes()
            break

last_flag = b''
for i in range(21-16):
    for j in wordlist:
        r = remote("172.20.14.117", 59250)
        payload = b'0' * 11 +  j.to_bytes() + \
            last_flag + b'0' * 27
        r.sendline(payload)
        cipher = r.recvline()
        r.close()
        cipher= base64.b64decode(cipher)
        if cipher[16:32] == cipher[64:80]:
            last_flag = j.to_bytes() + last_flag
            break            

print(first_flag + last_flag)