def hash_header(header):
header_bytes = header_to_string(header).decode('hex')
if (header["version"] >= 7):
hash_bytes = Hash(header_bytes) # new rules, sha256
else:
hash_bytes = HashScrypt(header_bytes) # old scrypt header hashing
return rev_hex(hash_bytes.encode('hex'))
def update(form) :
if User.session.exists() :
user = User.session.get()
un, un_repeat = form.get("username"), form.get("username-repeat")
pw, pw_repeat = form.get("password"), form.get("password-repeat")
if un != un_repeat :
flash(u"Bitte wiederhole den neuen Benutzernamen korrekt!", Config.Flash.error)
elif pw != pw_repeat :
flash(u"Bitte wiederhole das neue Passwort korrekt!", Config.Flash.error)
elif not (un or pw) :
flash(u"Keine Änderungen eingegeben.", Config.Flash.warn)
else :
user.update(username = un, password = Hash.hash(pw))
User.session.set(user)
flash(u"Die neuen Eingaben wurden erfolgreich übernommen.", Config.Flash.success)
return redirect(Config.Urls.App.user)
def hash(self, x):
if DEBUG: return "hash("+x+")"
return Hash(x)
def hash_header(header):
return rev_hex(Hash(header_to_string(header).decode('hex')).encode('hex'))
class Alice:
def __init__(self, messages, file_path):
""" PSI sender side implementation. \
The relevant files for bob will be located at "file_path/to_bob" """
if type(messages) != np.ndarray:
raise ('Error: the messages should be passed as a numpy array')
self.messages = messages
self.file_path = file_path
self.hash_table_size = round(
len(messages) / np.log(np.log(messages.size)))
print('Number of bins: ' + str(self.hash_table_size))
self.max_bin_size = round(5 * np.log(np.log(messages.size)))
print('Single Bin size: ' + str(self.max_bin_size))
self.hash = Hash()
self.hash.generate(self.hash_table_size)
self.polynomials = self._compute_polynomials()
self.encryption_scheme = EncryptionScheme()
self.encryption_scheme.generate()
t1 = datetime.datetime.now()
encrypted_poly = self.encryption_scheme.encrypt_encoded_message(
self.polynomials)
t2 = datetime.datetime.now()
print("Alice's coefficients encryption took " + str(t2 - t1))
base_path = os.path.join(self.file_path, 'to_bob')
if not os.path.isdir(base_path):
os.mkdir(base_path)
key_path = os.path.join(base_path, 'public_key.npy')
self.encryption_scheme.to_file(key_path)
ciphers_path = os.path.join(base_path, 'ciphertexts.npy')
hash_path = os.path.join(base_path, 'hash_params.npy')
self.hash.to_file(hash_path)
ciphers_array = np.array([
encrypted_poly[i, j].ciphertext
for i in range(encrypted_poly.shape[0])
for j in range(encrypted_poly.shape[1])
],
dtype=object)
ciphers_array = ciphers_array.reshape(encrypted_poly.shape)
np.save(ciphers_path, ciphers_array, allow_pickle=True)
def _compute_polynomials(self):
polynomials = np.zeros((self.hash_table_size, self.max_bin_size),
dtype=int)
roots_by_hash = [[] for _ in range(self.hash_table_size)]
for message in self.messages:
hash_1, hash_2 = self.hash.hash(message)
if len(roots_by_hash[hash_1]) < len(roots_by_hash[hash_2]):
roots_by_hash[hash_1].append(message)
else:
roots_by_hash[hash_2].append(message)
print('Maximum actual items in a single bin: ' +
str(max([len(row) for row in roots_by_hash])))
for i in range(len(roots_by_hash)):
roots = np.array(roots_by_hash[i])
poly = MathUtils().polynomial_coefficients_from_roots(roots)
for j in range(-int(poly.size), 0, 1):
polynomials[i, j] = poly[j + poly.size]
return polynomials
def evaluate_intersection(self):
""" Evaluate the intersection after recieving bob's file \
Bob's file should be located at "file_path/from_bob" """
ciphers_path = os.path.join(self.file_path, 'from_bob/ciphertexts.npy')
if not os.path.isfile(ciphers_path):
raise ("Error: bob's file was not found")
raw_ciphertexts = np.load(ciphers_path, allow_pickle=True)
ciphertexts = np.array([
Ciphertext(int(raw_cipher), self.encryption_scheme.public_key)
for raw_cipher in raw_ciphertexts
])
decryptions = self.encryption_scheme.decrypt_to_encoded_message(
ciphertexts)
print('Alice sees from Bob: ' + str(decryptions))
return np.intersect1d(self.messages, decryptions)
el_sign2 = '119841162-2'
el2_payload = el_sign2
# Command Execute Payloads
payloads = [
{
'name': 'PHP Code eval',
'payload': 'phpinfo();',
'sign': phpinfo_sign
}, {
'name': 'PHP Code eval',
'payload': '${print_r(md5(11123))};',
'sign': Hash.md5('11123')
}, {
'name': 'Sprint Boot EL',
'payload': '${{new java.lang.String(new byte[]{{{0}}})}}'.format(
el_payload),
'sign': el_sign,
}, {
'name': 'Sprint Boot EL',
'payload': '${{{0}}}'.format(el2_payload),
'sign': str(eval(el_sign2))
}, {
'name': 'XSS',
'payload': xss_payload,
'sign': xss_sign
}, {
def getByRegister(credentials) :
username, password = credentials.get("username"), credentials.get("password")
if not Database.existsUser(username) :
user = User(username, Hash.hash(password))
Database.storeUser(user)
return user
def getByLogin(credentials) :
data = Database.loadUserByLogin(credentials.get("username"), Hash.hash(credentials.get("password")))
if data :
user = User(*data)
return user
async def change_password(username: str, new_password: str) -> bool:
new_password = new_password.encode("utf-8")
hash = Hash.bcrypt_hash(new_password)
await players.update_one({"_id": username}, {"$set": {"password": hash}})
