def main():
s = nc("37.139.4.247", 31337)
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
payload = int(time())
print(payload)
send(s, base64.b64encode(brotli.compress(str(payload))))
data = receive_until_match(s, "\n\n")
print(data)
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
data = receive_until(s, "\n")
print(brotli.decompress(data.decode("base64")))
send(s, base64.b64encode(brotli.compress("Y")))
data = receive_until(s, "\n")
decompressed = brotli.decompress(data.decode("base64"))
print('payload', decompressed)
send(s, base64.b64encode(brotli.compress(decompressed)))
data = receive_until(s, "\n")
decompressed = brotli.decompress(data.decode("base64"))
print(decompressed)
data = receive_until(s, "\n")
decompressed = brotli.decompress(data.decode("base64"))
print(decompressed)
def get_sig(col):
name = base64.b64encode("test")
url = "pki.hackable.software"
port = 1337
s = nc(url, port)
send(s, "register:" + name + "," + col)
sleep(5)
signature = s.recv(9999)
return int(signature.strip())
def main():
host = "13.231.224.102"
port = 3002
s = nc(host, port)
x = receive_until(s, "\n")
encflag = receive_until(s, "p")
encflag_matrix = parse_stringified(encflag[:-1])
p = int(receive_until(s, "\n")[2:])
x = receive_until(s, ">")
result = solver(encflag_matrix, p, lambda payload: real_oracle(s, payload))
flag = parse_stringified(str(result))
print("".join(["".join(map(chr, a)) for a in flag]))
def main():
url = '18.179.251.168'
# url = 'localhost'
port = 21700
s = nc(url, port)
data = receive_until_match(s, "cmd:")
flag = re.findall('Here is the flag!\s*(.*)\s*cmd:', data)[0]
print(flag)
encryptor = lambda data: enc(s, data)
decryptor = lambda data: dec(s, data)
n = recover_pubkey(encryptor)
print(n)
print(recover_flag(encryptor, decryptor, flag, n))
def main():
url = "47.75.53.178"
port = 9999
s = nc(url, port)
data = receive_until_match(s, "\:\>\>", None).split("\n")
e = int(data[1])
n = int(data[2])
print(e, n)
send(s, 'r')
receive_until_match(s, "\:\>\>", None).split("\n")
send(s, 'test')
data = receive_until_match(s, "\:\>\>", None).split("\n")
ct = int(data[0])
lsb_oracle(ct, lambda x: multiplicate(x, e, n), n,
lambda ct: oracle(s, ct))
def main():
bitsize = 1024
url = "13.112.92.9"
port = 21701
s = nc(url, port)
data = receive_until_match(s, "cmd:")
flag = int(re.findall('Here is the flag!\s*(.*)\s*cmd:', data)[0], 16)
print(flag)
encryptor = lambda data: enc(s, data)
decryptor = lambda data: dec(s, data)
n = recover_modulus(encryptor, decryptor, bitsize)
print('modulus', n)
known_flag_suffix = "_paillier!!}\n"
print(recover_flag(decryptor, flag, n, bitsize, known_flag_suffix))
pass
def get_flag(msg1, msg2):
url = "111.186.63.14"
port = 10001
s = nc(url, port)
challenge = receive_until_match(s, "XXXX:")
suffix, result = re.findall("sha256\(XXXX\+(.*?)\) == (.*)\s",
challenge)[0]
print(suffix, result)
prefix = break_pow(suffix, result)
print(prefix)
send(s, prefix)
send(s, msg1)
sleep(1)
send(s, msg2)
print(interactive(s))
def main():
port = 1337
host = "bitflip1.hackable.software"
s = nc(host, port)
print(receive_until(s, "\n"))
send(s, raw_input(">")) # PoW
suffix = '0'
while len(suffix) < 128:
print('suffix is', suffix)
print(receive_until(s, "\n"))
bit = round(s, suffix=suffix)
suffix = bit + suffix
seed = suffix
print('Seed', seed)
final_round(s, seed)
s.close()
def main():
port = 1337
host = "bitflip3.hackable.software"
s = nc(host, port)
print(receive_until(s, "\n"))
send(s, raw_input(">"))
suffix = '0'
while len(suffix) < 128:
print('suffix is', suffix)
print(receive_until(s, "\n"))
bit = round(s, suffix=suffix)
suffix = bit + suffix
seed = suffix
print('Seed', seed)
target_seed = int("f518d60deba9327df0b1c4681b64236e1554ab733c4e66c2c93a8837cc4c30eb", 16)
final_round(s, seed, target_seed)
s.close()
def main():
n1 = read_collision_n("col1")
factors1 = [
234616432627,
705869477985961204313551643916777744071330628233585786045998984992545254851001542557142933879996265894077678757754161926225017823868556053452942288402098017612976595081470669501660030315795007199720049960329731910224810022789423585714786440228952065540955255662140767866791612922576360776884260619L
]
# col1 = base64.b64encode(n1)
# sig1 = get_sig(col1)
# value cached below
sig1 = 45254147107316604985838940723873087065648716656505719897465763752188344559259982909946582387581238630810505111702280156530580024162354320922165321462910808027195861156154913029659141369366731116256144166513466262820414101619676170670462164924122480441158287460305618685897536866567703872210447139212329752485
n2 = read_collision_n("col2")
factors2 = [
119851, 236017,
5854608817710130372948444562294396040006311067115965740712711205981029362712183315259168783815905208719000197236691607700100836391807927746833977891792631066541406816904680111217125634549418611669208807316369565620310660295144628581977856740654199823679135895590513942858128229967305158632385155587L
]
# col2 = base64.b64encode(n2)
# sig2 = get_sig(col2)
# value cached below
sig2 = 75192947990007542085188766184539371284719071358445557426300109324739891690549237742257214192631557978881958688601121333533557280909118797353696869434142069884160391258848066603116809532123308968051639065681186651011928077675380204482405509591787282691679920144780885427200808239335447140493957969342214523565
real_signature1 = decode_rsa_signature(n1, factors1, sig1)
real_signature2 = decode_rsa_signature(n2, factors2, sig2)
print(real_signature1)
print(real_signature2)
k = (h(makeMsg("test", n1)) - h(makeMsg("test", n2))) * modinv(
real_signature1 - real_signature2, Q) % Q
print(k)
r = real_signature1 / Q
s = real_signature1 % Q
private_key = ((s * k) - h(makeMsg("test", n1))) * modinv(r, Q)
print(private_key)
admin_sig = simple_sign("admin", "1", private_key)
name = base64.b64encode("admin")
n = base64.b64encode("1")
sig = base64.b64encode(long_to_bytes(admin_sig))
url = "pki.hackable.software"
port = 1337
s = nc(url, port)
send(s, "login:"******"," + n + "," + sig)
sleep(5)
flag = s.recv(9999)
print(flag)
def main():
port = 1337
host = "34.89.64.81"
s = nc(host, port)
skip = receive_until_match(s, "pub_key = ")
skip = receive_until_match(s, "pub_key = ")
skip = receive_until_match(s, "pub_key = ")
pubkey = receive_until(s, b"\n")[:-1]
msg = receive_until(s, b"=")
msg = re.findall("\"(.*)\"", msg.decode("utf-8"))[0]
sig = receive_until(s, b"\n")[1:-1]
print(pubkey)
print(msg)
print(sig)
m, sig = solve(msg, sig)
send(s, m.encode("utf-8"))
send(s, sig.encode("utf-8"))
interactive(s)
def worker(pad_char):
port = 5959
host = "simple-spn.ctf.defenit.kr"
s = nc(host, port)
x = receive_until(s, "\n")
x = receive_until(s, "\n")
ct = []
payloads = [pad("\0", pad_char).encode("hex")]
for i in range(1, 256):
payloads.append(pad(long_to_bytes(i), pad_char).encode("hex"))
for payload in payloads:
send(s, payload)
c = receive_until(s, "\n")
ct.append(re.findall("ciphertext: (.*)\n", c)[0])
x = receive_until(s, "\n")
print('cts', ct)
ct = [[ord(c) for c in x.decode("hex")] for x in ct]
candidates = integral(ct)
return candidates
def main():
host = "crypto.byteband.it"
port = 7002
s = nc(host, port)
for i in range(32):
data = receive_until_match(s, "Plaintext \(b64encoded\) : ")
pt = receive_until(s, "\n").decode("base64")
receive_until(s, "\n")
x = int(receive_until(s, "\n").strip(), 16)
m = int(receive_until(s, "\n").strip(), 16)
print('x', x)
print('m', m)
n = recover_n(x, m)
print('recovered n', n)
key = RSA.construct((long(n), long(65537)))
ct = base64.b64encode(encrypt(key, pt))
print('ct', ct)
send(s, ct)
interactive(s)
def main():
host = "37.139.4.247"
port = 19153
s = nc(host, port)
data = receive_until_match(s, "= .*\n")
print(data)
suffix = data[-7:-1]
print(suffix)
response = pow(suffix, data)
print('pow', response)
send(s, response)
print(receive_until_match(s, "solve"))
send(s, 'C')
data = receive_until_match(s, "n = \d+\n")
print(data)
number = re.findall("n = (\d+)", data)[0]
for i in range(101):
data = receive_until_match(s, "equal to " + str(i))
print(data)
response = calculate(number, i)
print(i, response)
send(s, response)
interactive(s)
def main():
url = "crypto.chal.ctf.westerns.tokyo"
port = 5643
s = nc(url, port)
print(receive_until_match(s, "4: get encrypted key"))
n = recover_n(s)
print('n', n)
decrypted_aes_key = recover_aes_key(n, s)
print('aes key', decrypted_aes_key.encode("hex"))
next_iv_hex = recover_next_iv(s)
print('next iv', next_iv_hex)
send(s, '3')
r = receive_until_match(s, "4: get encrypted key\n")
flag_ct = re.findall("another bulldozer is coming!\n(.*)\n", r)[0][32:]
print('encrypted flag', next_iv_hex + flag_ct)
print(aes_decrypt((next_iv_hex + flag_ct).decode("hex"), decrypted_aes_key))
s.close()
def get_kn():
host = "3.115.26.78"
port = 31337
s = nc(host, port)
receive_until_match(s, "! ")
flag_ct = receive_until(s, "\n")[:-1]
plaintexts = [long_to_bytes(x)[3:] for x in prepare_values()]
results = []
for pt in plaintexts:
receive_until_match(s, ": ")
send(s, pt.encode("hex"))
res = receive_until(s, "\n")[:-1]
results.append(res)
s.close()
CTA = int(results[0], 16)
CTB = int(results[1], 16)
CTC = int(results[2], 16)
CTD = int(results[3], 16)
kn = (CTA * CTB) - (CTD * CTC)
print("Got k*N", kn)
return kn
def main():
f = 0
encrypted_flag = ""
welcome = ""
while f == 0:
s = nc(HOST, PORT)
welcome = receive_until(s, "\n")[:-1]
print("welcome: ", welcome[:-1])
# Get command not found
send(s, welcome)
receive_until(s, "\n")
receive_until(s, "\n")
cnf = receive_until(s, "\n")[:-2]
print("cnf: ", cnf)
payload = gen_payload(welcome, "Welcome!", "get-flag")
receive_until(s, "\n")
send(s, payload)
receive_until(s, "\n")
encrypted_flag = receive_until(s, "\n")[:-2]
payload = gen_payload(encrypted_flag, "send_flag_", "get-flag\x00\x00")
send(s, payload)
receive_until(s, "\n")
encrypted_flag2 = receive_until(s, "\n")[:-2]
print("encrypted flag: ", encrypted_flag2)
print
if encrypted_flag2 != cnf:
f = 1
break
raw_enc_flag = encrypted_flag.decode("base64")
flag = ""
current = "send_fl"
print('encrypted flag', encrypted_flag, encrypted_flag.decode("base64"),
len(encrypted_flag.decode("base64")))
for block_to_recover in range(3):
malleable_block = base64.b64encode(raw_enc_flag[block_to_recover *
16:])
missing = 16 - len(current)
for spaces in range(missing):
for c in string.printable:
test_flag_block_prefix = current + c + ("\0" *
(missing - spaces))
expected_command = (" " * spaces) + "get-flag"
payload = gen_payload(malleable_block, test_flag_block_prefix,
expected_command)
send(s, payload)
receive_until(s, "\n")
result = receive_until(s, "\n")[:-2]
if result == encrypted_flag:
current += c
print('found matching flag char:', current)
break
print("current:", current)
flag += current
known_blocks = raw_enc_flag[16 *
block_to_recover:16 * block_to_recover +
32]
expanded_flag = raw_enc_flag[16 * block_to_recover:] + known_blocks
next_block_known = ""
for i in range(8):
get_md5 = set_cbc_payload_for_block(expanded_flag,
"\0" * 16 + current,
(" " * 9) + "get-md5",
1) # first block is get-md5
get_md5 = set_byte_cbc(
get_md5, ("\0" * (5 - block_to_recover) * 16) + current,
(6 - block_to_recover) * 16 - 1,
chr((4 - block_to_recover) * 16 - i -
1)) # last character to cut padding
send(s, base64.b64encode(get_md5))
receive_until(s, "\n")
real_md5_result = receive_until(s, "\n")[:-2]
for c in string.printable:
test_md5_payload = set_cbc_payload_for_block(
expanded_flag, "\0" * 16 + current,
(" " * (8 - i - 1)) + "get-md5" + next_block_known + c, 1)
test_md5_payload = set_byte_cbc(
test_md5_payload,
("\0" * (5 - block_to_recover) * 16) + current,
(6 - block_to_recover) * 16 - 1,
chr((4 - block_to_recover) * 16 + 1))
send(s, base64.b64encode(test_md5_payload))
receive_until(s, "\n")
test_md5_result = receive_until(s, "\n")[:-2]
if real_md5_result == test_md5_result:
next_block_known += c
print('found matching flag char:', next_block_known)
if c == '}':
print(flag + next_block_known)
exit(0)
break
print(next_block_known)
print(flag)
current = next_block_known[:-1]
def __init__(self):
url = "ppc2.chal.ctf.westerns.tokyo"
port = 38264
self.s = nc(url, port)
def main():
s = nc("52.193.157.19", 9999)
data = receive_until_match(s, "Give me XXXX:")
inputs = re.findall("SHA256\(XXXX\+(.*)\) == (.*)", data)[0]
suffix = inputs[0]
digest = inputs[1]
result = PoW(suffix, digest)
print("PoW done")
send(s, result)
receive_until_match(s, "Done!\n")
welcome = receive_until(s, "\n")[:-1]
get_flag_payload = generate_payload_from_message(welcome, "Welcome!",
"get-flag")
send(s, get_flag_payload)
encrypted_flag = receive_until(s, "\n")[:-1]
raw_enc_flag = encrypted_flag.decode("base64")
current = "hitcon{"
print('encrypted flag', encrypted_flag, encrypted_flag.decode("base64"),
len(encrypted_flag.decode("base64")))
for block_to_recover in range(3):
malleable_block = base64.b64encode(raw_enc_flag[block_to_recover *
16:])
missing = 16 - len(current)
for spaces in range(missing):
for c in string.printable:
test_flag_block_prefix = current + c + ("\0" *
(missing - spaces))
expected_command = (" " * spaces) + "get-flag"
payload = generate_payload_from_message(
malleable_block, test_flag_block_prefix, expected_command)
send(s, payload)
result = receive_until(s, "\n")[:-1]
if result == encrypted_flag:
current += c
print('found matching flag char:', current)
break
print(current)
known_blocks = raw_enc_flag[16 *
block_to_recover:16 * block_to_recover +
32]
expanded_flag = raw_enc_flag[
16 *
block_to_recover:] + known_blocks # appending IV and "Welcome!!" at the end
next_block_known = ""
for i in range(8):
get_md5 = set_cbc_payload_for_block(expanded_flag,
"\0" * 16 + current,
(" " * 9) + "get-md5",
1) # first block is get-md5
get_md5 = set_byte_cbc(
get_md5, ("\0" * (5 - block_to_recover) * 16) + current,
(6 - block_to_recover) * 16 - 1,
chr((4 - block_to_recover) * 16 - i -
1)) # last character to cut padding
send(s, base64.b64encode(get_md5))
real_md5_result = receive_until(s, "\n")[:-1]
for c in string.printable:
test_md5_payload = set_cbc_payload_for_block(
expanded_flag, "\0" * 16 + current,
(" " * (8 - i - 1)) + "get-md5" + next_block_known + c, 1)
test_md5_payload = set_byte_cbc(
test_md5_payload,
("\0" * (5 - block_to_recover) * 16) + current,
(6 - block_to_recover) * 16 - 1,
chr((4 - block_to_recover) * 16 + 1))
send(s, base64.b64encode(test_md5_payload))
test_md5_result = receive_until(s, "\n")[:-1]
if real_md5_result == test_md5_result:
next_block_known += c
print('found matching flag char:', next_block_known)
break
print(next_block_known)
current = next_block_known[:-1]
def main():
s = nc("adversarial.dctf-f1nals-2017.def.camp", 6666)
for i in range(30):
attack(s)
return "You will lose :("
# Calc which move to make
for index, heap in enumerate(heaps):
target_size = heap ^ nim_sum
if target_size < heap:
amount_to_remove = heap - target_size
return index, amount_to_remove
HOST = '199.247.6.180'
PORT = 14002
if __name__ == "__main__":
s = nc(HOST, PORT)
# pass CAPTCHA
r = s.recv(4096)
md5_s = re.findall('md5\(X\).hexdigest\(\)\[\:5\]=(.+?)\.', r)[0]
send(s, captcha(md5_s))
# start NIM game
r = receive_until_match(s, 'Input the pile:')
state = map(
int,
re.findall('Current state of the game: \[(.*)\]', r)[0].split(','))
while (True):
print 'STATE: ' + str(state)
index, quantity = nim(state, 'normal')