import crypto
ct = crypto.base64_to_str(open('data/7.txt', 'r').read())
key = "YELLOW SUBMARINE"
pt = crypto.aes_decrypt_ecb(ct, key)
print pt
email += "*****@*****.**"
email += "admin".ljust(16, '\x00')
profile = profile_for(email)
params = encode_params(profile)
print "[*]Encrypting params:\n{}".format(params)
ct = crypto.aes_encrypt_ecb(params, key)
print "[*]Here's your ct:\n{}".format(ct.encode('hex'))
# Snip out the 'admin' block.
admin = ct[16:32]
# Now request a second encoding that has a email whose length puts the
# start of the role into its own block at the end
# email=Much_Long_yes&uid=10&role=user
# 0123456789ABCDEF0123456789ABCDEF
email = "Much_Long_Wow"
profile = profile_for(email)
params = encode_params(profile)
print "[*]Encrypting params:\n{}".format(params)
ct = crypto.aes_encrypt_ecb(params, key)
print "[*]Here's your ct:\n{}".format(ct.encode('hex'))
# Snip off the user and add the admin
attacker_ct = ct[:32] + admin
pt = crypto.aes_decrypt_ecb(attacker_ct, key)
print "[*]Decrypted your ct to:\n{}".format(pt)
print "[*]Created account:\n{}".format(parse_params(pt))
