a guest
Feb 12th, 2016
# Pwnable.kr crypto1 writeup
ihciah@gmail.com

In this challenge we can input a username and a password, and the server returns an encrypted string of `{username}-{password}-{cookie}`, in which the `cookie` is not known.

Since `CBC` is used, each 32 characters of the encrypted string (one block) depend on the previous ciphertext block and 16 characters of the original string.

So if we enter `"A"*16` as the username and try different passwords, the first 32 characters of the encrypted data stay the same.

So we can brute-force the cookie by trying it one character at a time.

Case A:
`Username = "-"*13 + x`
`Password = ""`
So `String = "-"*15 + x`

Case B:
`Username = "-"*13`
`Password = ""`
So `String = "-"*15 + cookie`

We can change `x` and compare the first, second, third, ... group of 32 characters of the two encrypted strings.

Write a simple script to exploit it; it recovers the cookie:
```
you_will_never_guess_this_sugar_honey_salt_cookie
```

Calculate `PW` through `hashlib.sha256(b"admin" + b"you_will_never_guess_this_sugar_honey_salt_cookie").hexdigest()`

Input the username `admin` and this password to get the flag.
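
The prefix comparison from Cases A and B, run against a local stand-in oracle, is shown below as an added example (not the author's script or the challenge's code). It also shows that a fresh random IV per message makes the comparison fail. Assumptions: the key, cookie value and charset are constructed, a truncated HMAC stands in for AES, and the fixed zero IV, zero padding and hex output are guesses at the server's behaviour.

```python
import hashlib
import hmac
import os

BLOCK = 16
KEY = b"constructed-demo-key"        # constructed; not the challenge's key
COOKIE = "demo_cookie_value_0123"    # constructed secret standing in for the cookie
CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789_-"

def _block_fn(block):
    # Stand-in for AES: a keyed, deterministic 16-byte function (encrypt-only).
    return hmac.new(KEY, block, hashlib.sha256).digest()[:BLOCK]

def oracle(username, password, random_iv=False):
    """CBC-chain '{username}-{password}-{cookie}' and return hex ciphertext."""
    data = f"{username}-{password}-{COOKIE}".encode()
    data += b"\x00" * (-len(data) % BLOCK)              # zero padding (assumption)
    prev = os.urandom(BLOCK) if random_iv else bytes(BLOCK)
    out = b""
    for i in range(0, len(data), BLOCK):
        prev = _block_fn(bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)))
        out += prev
    return out.hex()

def recover_cookie(enc, max_len=64):
    """Recover the cookie one character at a time by comparing ciphertext prefixes."""
    known = ""
    while len(known) < max_len:
        # Pad so the next unknown cookie character is the last byte of a block.
        pad = "-" * (-(len(known) + 3) % BLOCK)
        n_hex = 2 * (len(pad) + 2 + len(known) + 1)
        target = enc(pad, "")[:n_hex]                   # Case B: real cookie byte
        for x in CHARSET:                               # Case A: guessed byte x
            if enc(pad + "--" + known + x, "")[:n_hex] == target:
                known += x
                break
        else:
            return known                                # no guess matched: done
    return known

if __name__ == "__main__":
    print("fixed IV :", recover_cookie(oracle))
    print("random IV:", repr(recover_cookie(lambda u, p: oracle(u, p, random_iv=True))))
```

With the fixed IV the whole constructed cookie comes back; with `random_iv=True` no guess ever matches and the result is empty.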