Untitled

a guest
Jul 19th, 2020
  1. from Crypto.Util.Padding import pad, unpad
  2. from Crypto.Cipher import AES
  3. from Crypto.Random import get_random_bytes
  4. from datetime import datetime, timedelta
  5.  
  # Challenge metadata.
  # NOTE(review): challenge_description is called here but is not defined in
  # this listing; presumably the hosting framework provides it, or an
  # assignment like challenge_name below was intended -- confirm.
  challenge_description(
      "You can generate an access token for my network service, "
      "but you shouldn't be able to read the flag... I think."
  )
  challenge_name = "It's as easy as access=0000"
  # Placeholder flag value as it appears in this listing.
  FLAG = "ractf{XXX}"
  # 16 random bytes used as the AES key. It is drawn once when the module
  # loads, so tokens issued by one process cannot be decrypted by another.
  KEY = get_random_bytes(16)
  10.  
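  def get_flag(token, iv):
      """Decrypt a hex-encoded token and return the flag if it grants access.

      Args:
          token: Hex string holding the AES-CBC ciphertext.
          iv: Hex string holding the initialization vector for decryption.

      Returns:
          ``{"flag": FLAG}`` when the unpadded plaintext contains
          ``access=0000``; otherwise ``{"error": <message>}``. Malformed hex,
          a wrong-sized IV or ciphertext, and bad padding are all reported
          through the ``error`` key rather than raised.

      NOTE(review): the token has no integrity protection. CBC only provides
      confidentiality, and here both the ciphertext and the IV are supplied
      by the caller, so the decrypted plaintext cannot be assumed to be what
      generate_token() produced. The authorization test is also a substring
      match rather than an exact comparison of a parsed ``access`` field,
      and returning ``str(e)`` lets a caller tell padding failures apart
      from authorization failures. A hardened design would verify a MAC
      over IV and ciphertext (or use an AEAD mode such as AES-GCM) before
      decrypting, parse the fields strictly, and return one generic error.
      """
      try:
          # Hex decoding sits inside the try so that malformed input yields
          # an error response instead of an uncaught ValueError that would
          # terminate the service loop.
          raw_token = bytes.fromhex(token)
          raw_iv = bytes.fromhex(iv)
          cipher = AES.new(KEY, AES.MODE_CBC, raw_iv)
          decrypted = cipher.decrypt(raw_token)
          unpadded = unpad(decrypted, 16)
      except ValueError as e:
          return {"error": str(e)}
      if b"access=0000" in unpadded:
          return {"flag": FLAG}
      return {"error": "not authorized to read flag"}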
  24.  
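  def generate_token():
      """Create an encrypted guest token that expires one day from now.

      The plaintext is ``access=9999;expiry=<unix seconds>``. It is padded to
      the 16-byte AES block size and encrypted with AES-CBC under the
      module-level KEY and a fresh random 16-byte IV.

      Returns:
          ``{"token": <hex>}`` where the hex string is the IV (first 32 hex
          characters) followed by the ciphertext. get_flag() takes the two
          parts as separate arguments, so the caller has to split them.

      NOTE(review): the token is encrypted but not authenticated; nothing in
      it lets the verifier detect a modified ciphertext or IV. Adding a MAC
      over IV and ciphertext, or switching to an AEAD mode, would close that
      gap (get_flag() would need the matching check).
      """
      # strftime("%s") is a platform extension rather than a documented
      # Python directive. timestamp() yields the same epoch seconds for a
      # naive local datetime and works on every platform.
      expiry_moment = datetime.today() + timedelta(days=1)
      expires_at = int(expiry_moment.timestamp())
      token = f"access=9999;expiry={expires_at}".encode()
      iv = get_random_bytes(16)
      padded = pad(token, 16)
      cipher = AES.new(KEY, AES.MODE_CBC, iv)
      encrypted = cipher.encrypt(padded)
      ciphertext = iv.hex() + encrypted.hex()
      return {"token": ciphertext}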
  34.  
  def start_challenge():
      """Run the interactive menu forever.

      Option 1 prints a freshly generated guest token. Option 2 prompts for
      a token and an initialization vector and prints get_flag()'s result.
      Empty answers and invalid menu choices are re-prompted.
      """
      menu_text = "Would you like to:\n[1] Create a guest token\n[2] Read the flag"
      while True:
          print(menu_text)
          selection = input("Your choice: ")
          while selection not in ("1", "2"):
              selection = input("Please enter a valid choice. Try again: ")

          if selection == "1":
              print(generate_token())
              continue

          # Only "2" can reach this point: ask for both values, refusing
          # empty strings, then hand them to get_flag() unmodified.
          token = input("Please enter your admin token: ")
          while not token:
              token = input("Tokens can't be empty. Try again: ")
          iv = input("Please enter your token's initialization vector: ")
          while not iv:
              iv = input("Initialization vectors can't be empty. Try again: ")
          print(get_flag(token, iv))


  # Runs as soon as the module is executed; there is no __main__ guard.
  start_challenge()