Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- from pwn import *
- from Crypto.Util.strxor import strxor
- import codecs
- def encrypt(pt,key):
- byte_ct = strxor(key, pt)
- hex_ct = codecs.encode(byte_ct, 'hex')
- return hex_ct
- # Establish an SSL connection to the server
- io = remote('cookieotp.chall.srdnlen.it', 443, ssl=True)
- #io.interactive()
- io.recvuntil(b"name?")
- io.sendline("".encode())
- io.recvuntil(b"Here's your cookie, keep it safe!")
- cookie=io.recvuntil(b"Wait, I forgot something, can you give it back please?").decode()
- cookie=cookie.split("Wait, I forgot something, can you give it back please? ")[0]
- cookie=cookie.strip()
- #keep only the first 42 chars
- cookie=cookie[:42]
- print("cookie:",cookie)
- cookie=bytes.fromhex(cookie)
- print(cookie)
- expected="username=&admin=False"
- key=[]
- for pp,ee in zip(cookie,expected):
- key.append(pp^ord(ee))
- solve="username=&admin=True "
- solve=encrypt(solve.encode(),bytes(key))
- print(str(solve))
- io.sendline(solve)
- soluzione=io.recvuntil("}")
- print(soluzione)
- # Close the connection when done
- io.close()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement