def solve():
proof_part=mbruteforce(check,base,4,method='fixed')
send_data=proof_part+'\n'*6
r.send(send_data.encode())
r.recvuntil('exit\n')
r.sendline('4')
re2=r.recv().strip()
print(re2)
en_flag=re2[22:]
print(en_flag)
msg='xxxxxxxxxxxxxxxx'
r.recvuntil('exit\n')
r.sendline('2')
r.recvuntil(':')
r.sendline(msg)
re3=r.recv().strip()
cip=re3[50:]
r.recvuntil('exit\n')
r.sendline('3')
r.recvuntil(':')
hexmsg=hexlify(bytes(msg.encode()))
r.sendline(hexmsg)
re4=r.recv().strip()
key=unhexlify(re4[23:])
sm4=Sm4(key)
sm4.__key__expand__()
return sm4.decrypt_cbc(en_flag,key)
def proof_of_work():
PoW = r.recvline().decode()
suffix, target_hexdigest = re.search(r'\(XXXX\+(\w{16})\) == (\w{64})',
PoW).groups()
proof = mbruteforce(lambda x: sha256(
(x + suffix).encode()).hexdigest() == target_hexdigest,
string.ascii_letters + string.digits,
length=4,
method='fixed')
r.sendlineafter('Give me XXXX: ', proof)
def proof_of_work(p):
p.recvuntil("XXXX+")
suffix = p.recv(16).decode("utf8")
p.recvuntil("== ")
cipher = p.recvline().strip().decode("utf8")
proof = mbruteforce(lambda x: sha256(
(x + suffix).encode()).hexdigest() == cipher,
string.ascii_letters + string.digits,
length=4,
method='fixed')
p.sendlineafter("Give me XXXX: ", proof)
def solve():
key = 'T0EyZaLRzQmNe2' + mbruteforce(
guess_key, printable, 2, method='fixed')
h = md5(key).hexdigest()
SECRET = unhexlify(h)[:10]
message = 'AES CBC Mode is commonly used in data encryption. What do you know about it?' + SECRET
msg = pad(message)
msgs = [msg[ii:(ii + 16)] for ii in range(0, len(msg), 16)]
msgs.reverse()
IV = unhexlify('72481dab9dd83141706925d92bdd39e4')
for ms in msgs:
IV = decry(key, IV, ms)
return IV
def solve():
base = ascii_letters + digits
suffix = mbruteforce(check, base, 12)
r.sendline(suffix)
r.recvline()
try:
Ns, Cs = get_NC()
#print(Ns)
#print(Cs)
except TypeError:
return
secret = crt(Cs, Ns)
print(str(secret))
return get_flag(secret)
def bruteforce(suffix, digest):
"""
Multithreaded POW solver for custom challenge designs
INPUT:
@partial: bytes
@digest: str
OUTPUT:
X: sha256(X + suffix).hexdigest() == digest
"""
return mbruteforce(
lambda x: hashlib.sha256(x.encode() + suffix).hexdigest() == digest,
string.ascii_letters + string.digits,
length=4,
method="fixed")
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import re, string
from hashlib import sha256
from pwn import *
from pwnlib.util.iters import mbruteforce
r = remote('127.0.0.1', 25003)
PoW = r.recvline().decode()
suffix, target_hexdigest = re.search(r'\(XXXX\+(\w{16})\) == (\w{64})', PoW).groups()
proof = mbruteforce(lambda x: sha256( (x+suffix).encode() ).hexdigest()==target_hexdigest, string.ascii_letters+string.digits, length = 4, method = 'fixed')
r.sendlineafter('Give me XXXX: ', proof)
r.sendlineafter('> ', 'I like playing Hgame')
print( r.recvregex('hgame{.+}').decode() )
r.close()
from pwn import *
from pwnlib.util.iters import mbruteforce
import requests
import string
with open('shattered-1.pdf', 'rb') as f1:
d1 = f1.read()
with open('shattered-2.pdf', 'rb') as f2:
d2 = f2.read()
d1 += b'Snoopy_do_not_like_cats_hahahahaddaa_is_PHD'
d2 += b'Snoopy_do_not_like_cats_hahahahaddaa_is_PHD'
s = mbruteforce(lambda x: sha1sumhex(d1 + x.encode()).startswith('f00d'),
string.printable, 10)
d1 = d1 + s.encode()
d2 = d2 + s.encode()
payload = {'username': d1, 'password': d2}
r = requests.post('https://quiz.ais3.org:32670/', data=payload)
print(r.text)
