feat: 实现多个挑战并改进测试
- 重写p1实现纯Rust的hex到base64转换 - 完成p13 ECB剪切粘贴攻击和破解脚本 - 实现p33 Diffie-Hellman密钥交换算法 - 修复p9的PKCS#7测试用例 - 在common库添加gen_random_key和pkcs7_unpadding函数 - 更新workspace依赖管理
This commit is contained in:
42
problems/p13/crack.py
Normal file
42
problems/p13/crack.py
Normal file
@@ -0,0 +1,42 @@
|
||||
from pwn import *
|
||||
|
||||
# context.log_level = "debug"
|
||||
|
||||
p = process("../../target/x86_64-unknown-linux-musl/debug/p13")
|
||||
p.recvuntil(b"> ") # 等待提示符
|
||||
|
||||
|
||||
p.sendline(b"1")
|
||||
p.recvuntil(b"email: ")
|
||||
p.sendline(b"foo@bar.com12")
|
||||
cipher = p.recvline().strip()
|
||||
print(f"Cipher: {cipher}")
|
||||
|
||||
role_cipher = cipher[32:64]
|
||||
|
||||
p.sendline(b"1")
|
||||
p.recvuntil(b"email: ")
|
||||
p.sendline(b"foo@bar.co" + b"admin" + b"\x0b" * 11)
|
||||
cipher = p.recvline().strip()
|
||||
# admin_cipher = cipher[32:64]
|
||||
print(f"Cipher: {cipher}")
|
||||
|
||||
cracked_cipher = cipher[0:32] + role_cipher + cipher[32:]
|
||||
|
||||
p.recvuntil(b"> ")
|
||||
p.sendline(b"2")
|
||||
p.recvuntil(b"cipher: ")
|
||||
p.sendline(cracked_cipher)
|
||||
|
||||
profile = p.recvline().strip()
|
||||
print(f"Profile: {profile}")
|
||||
|
||||
json = p.recvline().strip()
|
||||
print(f"Json: {json}")
|
||||
|
||||
if b"Cracked!" in json:
|
||||
print("Success!")
|
||||
|
||||
|
||||
p.recvuntil(b"> ")
|
||||
# p.interactive()
|
||||
Reference in New Issue
Block a user