def save(self):
		""" сохраняем настройки """
		s=self.rb_var.get()
		if s==0:
			self.app.app.app.sets.sync_enable=False
		elif s==2:
			self.app.app.app.sets.sync_enable=True
			self.app.app.app.sets.sync_period=0
		elif s==1:
			try:t=int(self.cron_ent.get())
			except:
				box.showerror(title='Ошибка',message='Не корректное время!')
				self.app.win.deiconify()
				return	
			if t<15:
				box.showerror(title='Ошибка',message='Время должно быть больше 15 минут!')
				self.app.win.deiconify()
				return	
			self.app.app.app.sets.sync_enable=True
			self.app.app.app.sets.sync_period=t	
		point=self.points_var.get()
		passw=self.passw_ent.get()
		if passw=='*****':
			passw=self.app.app.app.sets.sync_passw
		else:
			passw=md5py.new(passw).hexdigest()
		self.app.app.app.sets.sync_login=self.login_ent.get()
		self.app.app.app.sets.sync_passw=passw	
		self.app.app.app.sets.sync_point=point
		self.app.reload=True
	def check_points_from_server(self):
		""" проверка сохраненных точек на сервере """
		login=self.login_ent.get()
		passw=self.passw_ent.get()
		if passw=='*****':
			passw=self.app.app.app.sets.sync_passw
		else:
			passw=md5py.new(passw).hexdigest()

		self.check_var.set('Идет проверка')
		self.check_points['state']='disable'
		self.frame.update()

		d={}
		j=json.dumps({'auth':{'login':login,'passw':passw},'request':'check_points'})
		d['data']=j
		url=self.app.app.app.sets.sync_server
		try:
			response=urllib.urlopen(url+'/utils',urllib.urlencode(d)).read()
		except:
			response=None
		self.check_points['state']='normal'	
		if response:
			self.check_var.set('Обновлено')
			try:
				r=eval(response)
				self.app.app.app.sets.sync_points=repr(r)
				self.points_ent['values']=r
			except:
				self.check_var.set('Ошибка...')
				return
		else:
			self.check_var.set('Не удалось соединиться с сервером')
Exemple #3
0
 def save(self):
     """ сохраняем настройки """
     s = self.rb_var.get()
     if s == 0:
         self.app.app.app.sets.sync_enable = False
     elif s == 2:
         self.app.app.app.sets.sync_enable = True
         self.app.app.app.sets.sync_period = 0
     elif s == 1:
         try:
             t = int(self.cron_ent.get())
         except:
             box.showerror(title='Ошибка', message='Не корректное время!')
             self.app.win.deiconify()
             return
         if t < 15:
             box.showerror(title='Ошибка',
                           message='Время должно быть больше 15 минут!')
             self.app.win.deiconify()
             return
         self.app.app.app.sets.sync_enable = True
         self.app.app.app.sets.sync_period = t
     point = self.points_var.get()
     passw = self.passw_ent.get()
     if passw == '*****':
         passw = self.app.app.app.sets.sync_passw
     else:
         passw = md5py.new(passw).hexdigest()
     self.app.app.app.sets.sync_login = self.login_ent.get()
     self.app.app.app.sets.sync_passw = passw
     self.app.app.app.sets.sync_point = point
     self.app.reload = True
Exemple #4
0
    def check_login(self):
        """ проверка правильности логина и пароля на сервере """
        login = self.login_ent.get()
        passw = self.passw_ent.get()
        if passw == '*****':
            passw = self.app.app.app.sets.sync_passw
        else:
            passw = md5py.new(passw).hexdigest()

        self.check_var.set('Идет проверка')
        self.check_login['state'] = 'disable'
        self.frame.update()

        d = {}
        j = json.dumps({
            'auth': {
                'login': login,
                'passw': passw
            },
            'request': 'check_login'
        })
        d['data'] = j
        url = self.app.app.app.sets.sync_server
        try:
            response = urllib.urlopen(url + '/utils',
                                      urllib.urlencode(d)).read()
        except:
            response = 'Не удалось соединиться'
        self.check_var.set(response[:50])

        self.check_login['state'] = 'normal'
Exemple #5
0
	def set_enter(self,event=None):
		passw=md5py.new(self.passw.get().encode('utf-8')).hexdigest()
		self.app.db.execute('select passw from users where name=?',(self.name,))
		# проверяем правильность пароля
		if self.app.db.fetchone()[0]==passw:
			self.app.set_user(self.name)
		else:
			box.showerror(title='Ошибка!',message='Не верный пароль')
			self.passw.delete(0,END)
			self.passw.focus()
Exemple #6
0
 def set_enter(self, event=None):
     passw = md5py.new(self.passw.get().encode('utf-8')).hexdigest()
     self.app.db.execute('select passw from users where name=?',
                         (self.name, ))
     # проверяем правильность пароля
     if self.app.db.fetchone()[0] == passw:
         self.app.set_user(self.name)
     else:
         box.showerror(title='Ошибка!', message='Не верный пароль')
         self.passw.delete(0, END)
         self.passw.focus()
	def save_changes(self):
		""" сохраняем изменения """
		if self.pass_state:
			if not self.pass_ent.get()=='*****':
				self.passw=md5py.new(self.pass_ent.get().encode('utf-8')).hexdigest()
				
			
		else:
			self.passw=''
		self.app.app.app.db.execute('update  users set caps=? , passw=? where name=?',(repr(self.caps),self.passw,self.selected))
		self.app.app.app.con.commit()
		self.app.reload=True
Exemple #8
0
    def save_changes(self):
        """ сохраняем изменения """
        if self.pass_state:
            if not self.pass_ent.get() == '*****':
                self.passw = md5py.new(
                    self.pass_ent.get().encode('utf-8')).hexdigest()

        else:
            self.passw = ''
        self.app.app.app.db.execute(
            'update  users set caps=? , passw=? where name=?',
            (repr(self.caps), self.passw, self.selected))
        self.app.app.app.con.commit()
        self.app.reload = True
Exemple #9
0
    def check_points_from_server(self):
        """ проверка сохраненных точек на сервере """
        login = self.login_ent.get()
        passw = self.passw_ent.get()
        if passw == '*****':
            passw = self.app.app.app.sets.sync_passw
        else:
            passw = md5py.new(passw).hexdigest()

        self.check_var.set('Идет проверка')
        self.check_points['state'] = 'disable'
        self.frame.update()

        d = {}
        j = json.dumps({
            'auth': {
                'login': login,
                'passw': passw
            },
            'request': 'check_points'
        })
        d['data'] = j
        url = self.app.app.app.sets.sync_server
        try:
            response = urllib.urlopen(url + '/utils',
                                      urllib.urlencode(d)).read()
        except:
            response = None
        self.check_points['state'] = 'normal'
        if response:
            self.check_var.set('Обновлено')
            try:
                r = eval(response)
                self.app.app.app.sets.sync_points = repr(r)
                self.points_ent['values'] = r
            except:
                self.check_var.set('Ошибка...')
                return
        else:
            self.check_var.set('Не удалось соединиться с сервером')
Exemple #10
0
	def check_login(self):
		""" проверка правильности логина и пароля на сервере """
		login=self.login_ent.get()
		passw=self.passw_ent.get()
		if passw=='*****':
			passw=self.app.app.app.sets.sync_passw
		else:
			passw=md5py.new(passw).hexdigest()

		self.check_var.set('Идет проверка')
		self.check_login['state']='disable'
		self.frame.update()

		d={}
		j=json.dumps({'auth':{'login':login,'passw':passw},'request':'check_login'})
		d['data']=j
		url=self.app.app.app.sets.sync_server
		try:
			response=urllib.urlopen(url+'/utils',urllib.urlencode(d)).read()
		except:response='Не удалось соединиться'
		self.check_var.set(response[:50])

		self.check_login['state']='normal'
Exemple #11
0
recv()
s.send('1\n')
recv()
s.send(message + '\n')
data = recv()

m = re.search(r'Your hash: (\w+)', data)
if not m:
    exit()

legit, = m.groups()
print('legit ' + legit)

# initialize hash object with state of a vulnerable hash
fake_md5 = md5py.new('A' * 64)
fake_md5.A, fake_md5.B, fake_md5.C, fake_md5.D = md5py._bytelist2long(
    legit.decode('hex'))

# update legit hash with malicious message
fake_md5.update(malicious)

# fake_hash is the hash for md5(secret + message + padding + malicious)
fake_hash = fake_md5.hexdigest()
print('fake ' + fake_hash)

#############################
### STEP 2: Craft payload ###
#############################

# TODO: calculate proper padding based on secret + message
Exemple #12
0
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))

data = s.recv(1024)
s.send('1\n')
data = s.recv(1024)
s.send(message + '\n')
data = s.recv(1024)

m = re.search('Your hash: ([a-z0-9]*)', data)
legit = m.group(1)

#legit = '7d2a3a8f9b9b6491736c785c68ce02c1'      # a legit hash of secret + message goes here, obtained from signing a message

# initialize hash object with state of a vulnerable hash
fake_md5 = md5py.new('A' * 64)
fake_md5.A, fake_md5.B, fake_md5.C, fake_md5.D = md5py._bytelist2long(legit.decode('hex'))

malicious = 'malicious message'  # put your malicious message here

# update legit hash with malicious message
fake_md5.update(malicious)

# fake_hash is the hash for md5(secret + message + padding + malicious)
fake_hash = fake_md5.hexdigest()
#print(fake_hash)


#############################
### STEP 2: Craft payload ###
#############################
#send the message
data = s.recv(1024)
s.send(message + '\n')

#get the hash
data = s.recv(1024)
my_hash = data[39:].strip()  #grab the hash and strip the string
print(my_hash)

#continue to main 'menu'
data = s.recv(1024)
legit = my_hash

# initialize hash object with state of a vulnerable hash
fake_hash = md5py.new('A' * 64)
fake_hash.A, fake_hash.B, fake_hash.C, fake_hash.D = md5py._bytelist2long(
    legit.decode('hex'))

malicious = 'Hack'  # put your malicious message here
# update legit hash with malicious message
fake_hash.update(malicious)

# test is the correct hash for md5(secret + message + padding + malicious)
test = fake_hash.hexdigest()

#############################
### STEP 2: Craft payload ###
#############################

# TODO: calculate proper padding based on secret + message
Exemple #14
0
def get_flag():
    ip = '192.168.17.30'
    port = 3006

    generator = 2
    p = 999959

    send = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    send.connect((ip, port))
    data = send.recv(1024)
    tmp = data.split(" ")
    pubkey = int(tmp[1])

    # get the rsa variables
    # returned as dict

    # f*****g test suit cant make its mind up about too small of N and too big of N.
    # phi: 16077600ERROR: This p and q are taken.  Please find another pair.
    key = gen_rsa(81, 5)
    # generat our public key
    our_pubkey = gen_pub_key(generator, key['d'], p)

    sending_pubkey = "PUBKEY {}".format(str(our_pubkey))
    send.send(sending_pubkey)

    # derive session key
    #3. Both sides then derive the session key as MD5(g^(sc) mod p).
    m = md5py.new()

    shared_secret = pow(pubkey, key['d'], p)
    m.update(str(shared_secret))
    session_key = m.hexdigest()

    # convert sessino key to bytes for AES encryption
    session_key_bytes = unhexlify(session_key)

    # 4. You can now encrypt your request ("GET FLAG") with AES-128 in CBC mode
    # you should use PKCS7 padding padding to fill the remaining bytes
    request = "GET FLAG"

    # first part of the block is the IV, so we need to extract that.
    # 128 bit blocks, 8 bits per block, 16 bytes
    BLOCK_SIZE = 16
    iv = Random.new().read(BLOCK_SIZE)
    # first blobk is the Initialization Vector.
    cipher = AES.new(session_key_bytes, AES.MODE_CBC, iv)
    # TODO CHECK PADDING IS RIGHT
    ciphertext = cipher.encrypt(pad(request, BLOCK_SIZE))

    # send this to the server
    payload = iv + ciphertext

    # Then send your encrypted request to the server as raw binary bytes.
    send.send(payload)
    data = send.recv(1024)

    # every once in a while we get this garbage
    '''
  '\xeb@\x83\xdb\x1c\x98\xf3R\x1c:S|-"\x01\xcdp\xf7\xbe+%\x85\xc2\x96u)\x9f\xb1H#\x9b\xa7'
  FLAG f5fb23681f3298f38d4c
  'XT\r\n'
  '''
    # where the server provided ciphertext is not a multiple of 16. This happens about once every 20 requests.

    # decrypt the data using AES 128 CBC
    iv = data[:BLOCK_SIZE]
    cipher = AES.new(session_key_bytes, AES.MODE_CBC, iv)
    raw = cipher.decrypt(data[BLOCK_SIZE:]).strip()
    # better way to remove padding
    pad_num = int(raw[-1].encode('hex'))
    flag = raw[:-(pad_num)]

    # all done, got the encrypted flag
    send.close()
    return flag
Exemple #15
0
def pad(s):
        padlen = 64 - ((len(s) + 8) % 64)
        bit_len = 8*len(s)
        if(padlen < 64):
               s = s + '\x80' + '\x00' * (padlen - 1)
        a=struct.pack('<q', bit_len)
        a=[ chr(x) for x in a]
        b="".join(a)
        s=s+b
        return s

print ("This is the program that perform the hash attack to MD5!!!")
print ("You need to forge the signature and caculate the sum of first MagicNumber(1st)")

val = md5py.new(secret+initialData)
print ("You get the hash(secret + message1):", val.hexdigest())

#the code here:generate the signature 
payload = pad(secret+initialData)+append
legit = md5py.new(payload)
print ("The digital signature(hash(secret+message1+message2)) is:", legit.hexdigest())

#the code here:modify MagicNumber to acheive extension attack 
not_legit = md5py.new("z"*64)
not_legit.A, not_legit.B, not_legit.C, not_legit.D = md5py._bytelist2long(val.digest())
MagicSum=not_legit.A + not_legit.B + not_legit.C+ not_legit.D
not_legit.update(append)
print ("Your forged signature is:", not_legit.hexdigest())

if legit.hexdigest() == not_legit.hexdigest():
		pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
		print('  %04x: %-48s %s' % (b, hxdat, pdat))
	print

secret = b"secret"
original = b"data"
append = b"append"

def pad(s):
	padlen = 64 - ((len(s) + 8) % 64)
	bit_len = 8*len(s)
	if(padlen < 64):
		s += '\x80' + '\000' * (padlen - 1)
	return s + struct.pack('<q', bit_len)

val = md5py.new(secret+original)
print "Original payload:", val.hexdigest()

payload = pad(secret+original)+append
hexdump(payload)

legit = md5py.new(payload)
print "Legit digest:", legit.hexdigest()

not_legit = md5py.new("A"*64)
not_legit.A, not_legit.B, not_legit.C, not_legit.D = md5py._bytelist2long(val.digest())
not_legit.update(append)
print "Illicit digest:", not_legit.hexdigest()

if legit.hexdigest() == not_legit.hexdigest():
	print "Success!"