示例#1
0
 def send_msg(self, msg):
     iv = chal11.get_random_bytes(16)
     #print 'iv - ',iv
     cipher = chal10.encrypt_CBC(msg, self.key, iv)
     cipher = iv + cipher
     #print cipher
     self.c.send(cipher)
示例#2
0
def CBC_padding_oracle_encrypt(key):
    plaintext = base64.b64decode(random_strings[random.randint(
        0,
        len(random_strings) - 1)])
    print '.',
    iv = chal11.get_random_bytes(16)
    plaintext = chal9.pad(plaintext, 16)
    ciphertext = chal10.encrypt_CBC(plaintext, key, iv)
    return ciphertext, iv
示例#3
0
def encryption_oracle(plaintext):
    aes_key = get_random_bytes(16)
    plaintext = get_random_bytes(random.randint(
        5, 10)) + plaintext + get_random_bytes(random.randint(5, 10))
    ecb_flag = (0 == random.randint(0, 1))
    #print ecb_flag
    if ecb_flag:
        #ecb encryption
        plaintext = chal9.pad(plaintext, 16)
        return chal7.encrypt_ECB(plaintext, aes_key)
    else:
        iv = get_random_bytes(16)
        return chal10.encrypt_CBC(plaintext, aes_key, iv)
示例#4
0
g = 2
a = randint(1, p)
A = pow(g, a, p)
packet = {}
packet['p'] = p
packet['g'] = g
packet['A'] = A
c.send(json.dumps(packet))
print "p,g,A sent to B"
response = json.loads(c.recv(1024))
B = response['B']
print 'B received'
msg = "Hello B"
s = pow(B, a, p)
hash = SHA1()
hash.update(str(s))
key = hash.hexdigest()[0:16]
#print key
iv = chal11.get_random_bytes(16)
#print 'iv - ',iv
cipher = chal10.encrypt_CBC(msg, key, iv)
cipher = iv + cipher
#print cipher
c.send(cipher)
response = c.recv(1024)
cipher = response[16:]
iv = response[:16]
msg = chal10.decrypt_CBC(cipher, key, iv)
print 'Message from B - ', msg
c.close()
示例#5
0
    iv = base64.b64decode(data['iv'])
    msg = data['message']
    msg_length = len(msg)
    blocks = msg_length / len(iv)
    print msg[blocks - 1 * 16:]
    iv = iv[:-3] + chr(ord(iv[-3]) ^ ord('5') ^ ord('9')) + iv[-2:]
    data['iv'] = base64.b64encode(iv)
    msg = msg[:-3] + '9' + msg[-2:]
    data['message'] = msg
    response = requests.get('http://localhost:9000/transaction',
                            data=json.dumps(data))
    print 'Attacker Test#1 - ', response.content == "Transaction Successful"


KEY = 'YELLOW_SUBMARINE'
iv = chal11.get_random_bytes(16)
msg = 'from=Target&to=Nitesh&amount=500'
mac = chal10.encrypt_CBC(msg, KEY, iv)[-16:]
data = {}
data['message'] = msg
data['iv'] = base64.b64encode(iv)
data['mac'] = base64.b64encode(mac)
response = requests.get('http://localhost:9000/transaction',
                        data=json.dumps(data))
print 'Server Test#1 - ', response.content == "Transaction Successful"
attack(data)
data['message'] = 'from=Target&to=Nitesh&amount=5000'
response = requests.get('http://localhost:9000/transaction',
                        data=json.dumps(data))
print 'Server Test#2 - ', response.content == "Mac doesn't match!"
示例#6
0
def cbc_oracle(plaintext):
	plaintext = plaintext.replace(';','')
	plaintext = plaintext.replace('=','')
	plaintext = "comment1=cooking%20MCs;userdata="+plaintext+";comment2=%20like%20a%20pound%20of%20bacon"
	plaintext = chal9.pad(plaintext,16)
	return chal10.encrypt_CBC(plaintext,KEY,iv)
示例#7
0
def verify_mac(msg, iv, mac):
    return mac == chal10.encrypt_CBC(msg, KEY, iv)[-16:]
示例#8
0
 def send_msg(self, msg):
     iv = chal11.get_random_bytes(16)
     cipher = chal10.encrypt_CBC(msg, self.key, iv)
     cipher = iv + cipher
     self.s.send(cipher)