예제 #1
0
def ch126(fp):
    ringzer0.output('parsing dictionary')
    wordset, wordmap = set(), {}
    with open(fp, 'r') as f:
        for line in f:
            word = line.strip()
            wordset.add(word)
            mapped = ''.join(sorted(word))
            wordmap[mapped] = word
    ringzer0.output('done parsing dictionary')

    ch, s = 126, ringzer0.login()
    sections = ringzer0.read_challenge(s, ch)
    title, words = sections['title'], sections['words']

    ringzer0.output('solving')
    result = []
    for word in words.split(','):
        if word in wordset:
            result.append(word)
            continue
        mapped = ''.join(sorted(word))
        if mapped in wordmap:
            word = wordmap[mapped]
            result.append(word)
    result = ','.join(result)
    ringzer0.output('solved', result)

    response = ringzer0.submit_challenge(s, ch, result)
    ringzer0.output('response', response)
def ch126(fp):
	ringzer0.output('parsing dictionary')
	wordset, wordmap = set(), {}
	with open(fp, 'r') as f:
		for line in f:
			word = line.strip()
			wordset.add(word)
			mapped = ''.join(sorted(word))
			wordmap[mapped] = word
	ringzer0.output('done parsing dictionary')
	
	ch, s = 126, ringzer0.login()
	sections = ringzer0.read_challenge(s, ch)
	title, words = sections['title'], sections['words']
	
	ringzer0.output('solving')
	result = []
	for word in words.split(','):
		if word in wordset:
			result.append(word)
			continue
		mapped = ''.join(sorted(word))
		if mapped in wordmap:
			word = wordmap[mapped]
			result.append(word)
	result = ','.join(result)
	ringzer0.output('solved', result)
	
	response = ringzer0.submit_challenge(s, ch, result)
	ringzer0.output('response', response)
예제 #3
0
def ch119():
	ch, s = 119, ringzer0.login()
	sections = ringzer0.read_challenge(s, ch, clean=False)
	title, msg = sections['title'], sections['message']
	
	ringzer0.output('solving')
	result = parse_ascii(msg)
	ringzer0.output('solved', result)
	
	response = ringzer0.submit_challenge(s, ch, result)
	ringzer0.output('response', response)
def ch159():
	ch, s = 159, ringzer0.login()
	sections = ringzer0.read_challenge(s, ch)
	title, sha1 = sections['title'], sections['hash']
	
	ringzer0.output('solving')
	result = check_output(['php', 'coding.ch159.lookup.php', sha1]).strip()
	ringzer0.output('solved', result)
	
	response = ringzer0.submit_challenge(s, ch, result)
	ringzer0.output('response', response)
예제 #5
0
def ch159():
    ch, s = 159, ringzer0.login()
    sections = ringzer0.read_challenge(s, ch)
    title, sha1 = sections['title'], sections['hash']

    ringzer0.output('solving')
    result = check_output(['php', 'coding.ch159.lookup.php', sha1]).strip()
    ringzer0.output('solved', result)

    response = ringzer0.submit_challenge(s, ch, result)
    ringzer0.output('response', response)
def ch125():
	ch, s = 125, ringzer0.login()
	sections = ringzer0.read_challenge(s, ch)
	title, shellcode = sections['title'], sections['shellcode']
	
	ringzer0.output('solving')
	sc = shellcode.replace('\\x', '').decode('hex')
	hx = sc[0x57:0x57+0x0c].encode('hex')
	result = ''.join(chr(int(x,16) ^ 0xff) for x in re.findall('..', hx))
	ringzer0.output('solved', result)
	
	response = ringzer0.submit_challenge(s, ch, result)
	ringzer0.output('response', response)
예제 #7
0
def ch121():
    ch, s = 121, ringzer0.login()
    sections = ringzer0.read_challenge(s, ch)
    title, shellcode = sections['title'], sections['shellcode']

    ringzer0.output('solving')
    sc = shellcode.replace('\\x', '').decode('hex')
    hx = sc[0x54:0x54 + 0x0c].encode('hex')
    result = ''.join(chr(int(x, 16) ^ 0xff) for x in re.findall('..', hx))
    ringzer0.output('solved', result)

    response = ringzer0.submit_challenge(s, ch, result)
    ringzer0.output('response', response)
예제 #8
0
def ch56():
	ch, s = 56, ringzer0.login()
	sections = ringzer0.read_challenge(s, ch)
	title, xhash = sections['title'], sections['hash']
	
	ringzer0.output('solving')
	charset = '0123456789'
	result = search_hash(charset, 4, 4, hashlib.sha1, xhash)
	if result is None:
		ringzer0.error('could not lookup hash ' + xhash) 
	ringzer0.output('solved', result)
	
	response = ringzer0.submit_challenge(s, ch, result)
	ringzer0.output('response', response)
예제 #9
0
def ch32():
	ch, s = 32, ringzer0.login()
	sections = ringzer0.read_challenge(s, ch)
	title, msg = sections['title'], sections['message']
	
	ringzer0.output('solving')
	calc = ' %s ' % msg.split('=')[0]
	mx = re.findall(' ([01]+) ', calc)
	for b in mx:
		calc = calc.replace(b, str(int(b, 2)))
	result = str(eval(calc))
	ringzer0.output('solved', result)
	
	response = ringzer0.submit_challenge(s, ch, result)
	ringzer0.output('response', response)
예제 #10
0
def ch32():
    ch, s = 32, ringzer0.login()
    sections = ringzer0.read_challenge(s, ch)
    title, msg = sections['title'], sections['message']

    ringzer0.output('solving')
    calc = ' %s ' % msg.split('=')[0]
    mx = re.findall(' ([01]+) ', calc)
    for b in mx:
        calc = calc.replace(b, str(int(b, 2)))
    result = str(eval(calc))
    ringzer0.output('solved', result)

    response = ringzer0.submit_challenge(s, ch, result)
    ringzer0.output('response', response)
예제 #11
0
def ch13():
    ch, s = 13, ringzer0.login()
    sections = ringzer0.read_challenge(s, ch)
    title, msg = sections['title'], sections['message']

    ringzer0.output('solving')
    mx = re.search(r'using ([a-z0-9]+) algorithm', title)
    algorithm = mx.group(1)
    h = hashlib.new(algorithm)
    h.update(msg)
    result = h.hexdigest()
    ringzer0.output('solved', result)

    response = ringzer0.submit_challenge(s, ch, result)
    ringzer0.output('response', response)
예제 #12
0
def ch57():
    ch, s = 57, ringzer0.login()
    sections = ringzer0.read_challenge(s, ch)
    title, xhash, xsalt = sections['title'], sections['hash'], sections['salt']

    ringzer0.output('solving')
    charset = '0123456789'
    transformation = lambda x: x + xsalt
    result = search_hash(charset, 4, 4, hashlib.sha1, xhash, transformation)
    if result is None:
        ringzer0.error('could not lookup hash ' + xhash)
    result = result[:result.rindex(xsalt)]
    ringzer0.output('solved', result)

    response = ringzer0.submit_challenge(s, ch, result)
    ringzer0.output('response', response)
예제 #13
0
def ch57():
	ch, s = 57, ringzer0.login()
	sections = ringzer0.read_challenge(s, ch)
	title, xhash, xsalt = sections['title'], sections['hash'], sections['salt']
	
	ringzer0.output('solving')
	charset = '0123456789'
	transformation = lambda x: x + xsalt
	result = search_hash(charset, 4, 4, hashlib.sha1, xhash, transformation)
	if result is None:
		ringzer0.error('could not lookup hash ' + xhash) 
	result = result[:result.rindex(xsalt)]
	ringzer0.output('solved', result)
	
	response = ringzer0.submit_challenge(s, ch, result)
	ringzer0.output('response', response)
예제 #14
0
def ch14():
	ch, s = 14, ringzer0.login()
	sections = ringzer0.read_challenge(s, ch)
	title, msg = sections['title'], sections['message']
	
	ringzer0.output('solving')
	mx = re.search(r'using ([a-z0-9]+) algorithm', title)
	algorithm = mx.group(1)
	h = hashlib.new(algorithm)
	data = ''.join(chr(int(msg[i:i+8], 2)) for i in xrange(0, len(msg), 8))
	h.update(data)
	result = h.hexdigest()
	ringzer0.output('solved', result)
	
	response = ringzer0.submit_challenge(s, ch, result)
	ringzer0.output('response', response)
예제 #15
0
def ch16():
	ch, s = 16, ringzer0.login()
	sections = ringzer0.read_challenge(s, ch)
	title, hidden_xor_key, crypted_message = sections['title'], sections['xor key'], sections['crypted message']
	
	ringzer0.output('solving')
	xor_key_len = 10
	message = base64.b64decode(crypted_message)
	result = ''
	for i in range(0,len(hidden_xor_key) - xor_key_len + 1):
		xor_key = hidden_xor_key[i:i+xor_key_len]
		xored = xor_str(message, xor_key)
		alpha = re.match('^[\w-]+$', xored)
		if alpha:
			result = xored
	ringzer0.output('solved', result)
	
	response = ringzer0.submit_challenge(s, ch, result)
	ringzer0.output('response', response)
예제 #16
0
def ch15():
	ch, s = 15, ringzer0.login()
	sections = ringzer0.read_challenge(s, ch)
	title, msg, chksum = sections['title'], sections['elf message'], sections['checksum']
	
	ringzer0.output('solving')
	elf = msg
	while re.match(r'^[a-zA-Z0-9+/]*={0,3}$', elf):
		elf = base64.b64decode(elf)
	elf = elf[::-1]
	elf_md5 = hashlib.md5(elf).hexdigest()
	if chksum != elf_md5:
		ringzer0.error('checksum mismatch ({0} vs {1})'.format(chksum, elf_md5))
	result = ''
	with ringzer0.tmpfile() as (fd, fn):
		ringzer0.write_bin_file(fd, elf)
		
		r2 = r2pipe.open(fn)
		asm_lines = r2.cmd('aa; s sym.main; pif~&mov,rbp').splitlines()
		asm_rg = re.compile(r'^mov [^,]*\[rbp\s?-\s?([0-9a-fx]+)\],\s?([^\s]+)$')
		asm_vals, top = {}, 0
		for asm_line in asm_lines:
			rx = re.match(asm_rg, asm_line)
			if not rx: 
				continue
			pos, val = rx.group(1), rx.group(2)
			if val.startswith('r'): 
				continue
			if val.startswith('0x'): val = val[2:]
			if len(val) % 2 == 1: val = '0' + val
			pos, val = int(pos, 16), val.decode('hex')
			asm_vals[pos] = val
			top = max(top, pos)
		stack = bytearray('\0' * top)
		
		for k in sorted(asm_vals, reverse=True):
			v = asm_vals[k]
			stack[top - k:len(v)] = v[::-1]
		result = stack[:stack.index('\00')]
	ringzer0.output('solved', result)
	
	response = ringzer0.submit_challenge(s, ch, result)
	ringzer0.output('response', response)
예제 #17
0
def ch16():
    ch, s = 16, ringzer0.login()
    sections = ringzer0.read_challenge(s, ch)
    title, hidden_xor_key, crypted_message = sections['title'], sections[
        'xor key'], sections['crypted message']

    ringzer0.output('solving')
    xor_key_len = 10
    message = base64.b64decode(crypted_message)
    result = ''
    for i in range(0, len(hidden_xor_key) - xor_key_len + 1):
        xor_key = hidden_xor_key[i:i + xor_key_len]
        xored = xor_str(message, xor_key)
        alpha = re.match('^[\w-]+$', xored)
        if alpha:
            result = xored
    ringzer0.output('solved', result)

    response = ringzer0.submit_challenge(s, ch, result)
    ringzer0.output('response', response)