from pwn import *from Crypto.Util.strxor import strxorimport codecs def

1. from pwn import *
2. from Crypto.Util.strxor import strxor
3. import codecs
4.  
5. def encrypt(pt,key):
6.  
7.     byte_ct = strxor(key, pt)
8.     hex_ct = codecs.encode(byte_ct, 'hex')
9.  
10.     return hex_ct
11.  
12. # Establish an SSL connection to the server
13. io = remote('cookieotp.chall.srdnlen.it', 443, ssl=True)
14. #io.interactive()
15.  
16. io.recvuntil(b"name?")
17.  
18. io.sendline("".encode())
19.  
20. io.recvuntil(b"Here's your cookie, keep it safe!")
21.  
22. cookie=io.recvuntil(b"Wait, I forgot something, can you give it back please?").decode()
23.  
24. cookie=cookie.split("Wait, I forgot something, can you give it back please? ")[0]
25. cookie=cookie.strip()
26.  
27. #keep only the first 42 chars
28. cookie=cookie[:42]
29.  
30. print("cookie:",cookie)
31.  
32. cookie=bytes.fromhex(cookie)
33. print(cookie)
34.  
35.  
36. expected="username=&admin=False"
37.  
38. key=[]
39. for pp,ee in zip(cookie,expected):
40.     key.append(pp^ord(ee))
41.  
42.  
43. solve="username=&admin=True "
44.  
45. solve=encrypt(solve.encode(),bytes(key))
46.  
47. print(str(solve))
48.  
49. io.sendline(solve)
50.  
51. soluzione=io.recvuntil("}")
52. print(soluzione)
53.  
54. # Close the connection when done
55. io.close()