Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Pwnable.kr crypto1 writeup
- ihciah@gmail.com
- In this challenge we can input username and password, then the server return an encrypted string of `{username}-{password}-{cookie}` in which the `cookie` is not known.
- Since `CBC` is used, each 32 word in encrypted string is encrypted by last block and 16 word in original string.
- So let's enter `"A"*16` as username, and enter different password, the first 32 word of the encrypted data is the same.
- So we can brute-force the cookie through trying each bit of cookie.
- Case A:
- `Username = "-"*13 + x`
- `Password = ""`
- So `String = "-"*15 + x`
- Case B:
- `Username = "-"*13`
- `Password = ""`
- So `String = "-"*15 + cookie`
- We can change `x` and compare first, second, third... 32 bit.
- Write a simple script to exploit it:
- ```
- you_will_never_guess_this_sugar_honey_salt_cookie
- ```
- Calculate `PW` through `hashlib.sha256("admin"+"you_will_never_guess_this_sugar_honey_salt_cookie").hexdigest()`
- Input username `admin` and password to get the flag.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement