#!/usr/bin/python
from pwn import *
import hashlib, itertools
# This is the plaintext we are going to encrypt
plaintext = 'a' * 1
# iterate through lowercase letters
for letter in range(97,122+1):
plaintext = chr(letter) * 10
conn = remote('localhost',8888)
#conn = remote('146.148.79.13',8888)
task = conn.recvline()
line = task.split()
proof = line[25]
print "Got challenge ("+proof+"). Brute forcing a response..."
charset = ''.join( [ chr( x ) for x in xrange( 0, 128 ) ] )
found = False
for comb in itertools.combinations( charset, 5 ):
test = proof + ''.join( comb )
ha=hashlib.sha1()
ha.update( test )
if ( ord( ha.digest()[ -1 ] ) == 0x00 and
ord( ha.digest()[ -2 ] ) == 0x00):
found = True
break
if not found:
print 'Could not find string =('
quit()
print "Responding to challenge..."
conn.send(test)
conn.sendafter(':', plaintext + "\n")
encrypted = conn.recvline()
line = encrypted.split()
print "Plaintext "+plaintext+" encrypted is "+line[3]
conn.close()
pwnweak2.py
Subscribe to:
Posts (Atom)
No comments:
Post a Comment