  1. #!/usr/bin/python
  2. import os
  3. import sys
  4. from hashlib import sha1, md5
  5. from Crypto.Cipher import DES
  6. from base64 import b64encode, b64decode
  7.  
# Per-process signing secret: 16 random bytes drawn once, when the module
# loads. generate_creds() and login() prepend it to the credential string
# before hashing, so a token issued by one process run will not verify in
# another.
SECRET = os.urandom(16)

# The two flag halves; the real values are redacted in this published copy.
part1 = '**CENSORED*-' # part 1 of the flag: printed by login() for uname 'admin' with ROLE '1'
part2 = '**CENSORED**' # part 2 of the flag: printed by login()'s ROLE '2' view-secret check
  12.  
class Unbuffered(object):
    """Proxy around a stream that flushes after every write.

    Any attribute other than ``stream`` and ``write`` is looked up on the
    wrapped stream, so the proxy can stand in for it.
    """

    def __init__(self, stream):
        # Keep a reference to the real stream; everything is forwarded to it.
        self.stream = stream

    def write(self, data):
        """Write ``data`` to the wrapped stream and flush immediately."""
        target = self.stream
        target.write(data)
        # Flush on every write so prompts are not held back in a buffer.
        target.flush()

    def __getattr__(self, attr):
        # Only called when normal lookup fails: delegate to the real stream.
        return getattr(self.stream, attr)
  21.  
# Route all standard output through the flushing proxy so each prompt and
# reply is written out as soon as it is printed.
sys.stdout = Unbuffered(sys.stdout)
# Drop stderr entirely.
# NOTE(review): presumably this keeps tracebacks from reaching the connected
# client; it also means an uncaught exception ends the service with no
# diagnostic anywhere. Logging errors to a server-side file would keep the
# output private without losing it.
sys.stderr = None
  24.  
def pad(s):
    """Return exactly 8 characters derived from ``s``.

    ``s`` is extended with PKCS#5-style padding (``n`` copies of ``chr(n)``,
    where ``n`` brings the length to the next multiple of 8) and the result
    is then cut to its first 8 characters. Anything in ``s`` past the eighth
    character is therefore discarded: two inputs that share their first
    8 characters produce the same output.
    """
    fill = 8 - len(s) % 8
    return (s + fill * chr(fill))[:8]

# Top-level menu text printed before each prompt of the main loop.
_MENU = """
1. Register
2. Login
3. Quit"""
  31.  
def _superencrypt(k, kk, kkk):
    """Encrypt ``kkk`` with DES-ECB under key ``k``, then again under ``kk``.

    Args:
        k: key for the first (inner) DES pass.
        kk: key for the second (outer) DES pass.
        kkk: plaintext; it is handed to the cipher unpadded.

    Returns:
        The ciphertext of the second pass.

    Any exception raised by the DES calls (login() reports these as an
    invalid username/key length) propagates to the caller.

    NOTE(review): DES is an obsolete cipher with a 56-bit effective key, and
    chaining two passes adds far less strength than the doubled key length
    suggests. ECB mode also provides no integrity. New code should use an
    authenticated modern cipher instead of composing DES passes.
    """
    # Same call order as a step-by-step version: build cipher 1, encrypt,
    # build cipher 2, encrypt.
    inner = DES.new(k, DES.MODE_ECB).encrypt(kkk)
    return DES.new(kk, DES.MODE_ECB).encrypt(inner)
  37.  
def generate_creds(uname, passwd):
    """Build the base64 login token handed out at registration.

    The token body is ``uname=<uname>&passwd=<md5 hex of passwd>&ROLE=0``
    followed by ``&sign=<sha1 hex of SECRET + body>``; the whole string is
    base64-encoded.

    Args:
        uname: username exactly as typed; it is inserted without escaping.
        passwd: password; only its MD5 hex digest goes into the token.

    Returns:
        The base64-encoded token string.

    NOTE(review): three properties of this format matter to a defender.
    (1) ``sha1(SECRET + body)`` is a secret-prefix hash, not a MAC; this
    construction is open to length-extension forgery, so a keyed MAC such as
    HMAC should sign the body instead. (2) ``uname`` is not escaped, so it
    can contain ``&`` and ``=`` and thereby add fields to the signed string;
    the format needs escaping or a structured encoding. (3) The client-held
    token carries an unsalted MD5 of the password.
    """
    role = '0'  # every newly registered account starts at ROLE 0
    passwd_digest = md5(passwd).hexdigest()
    payload = "uname={}&passwd={}&ROLE={}".format(uname, passwd_digest, role)
    signature = sha1(SECRET + payload).hexdigest()
    return b64encode(payload + "&sign=" + signature)
  43.  
def register():
    """Prompt for a username and password and print a login token.

    Nothing is stored server-side: the printed token from generate_creds()
    is the only record of the registration. If either answer is empty the
    function returns without printing anything.
    """
    uname = raw_input('Username: ')
    passwd = raw_input('Password: ')

    if not (uname and passwd):
        return

    # NOTE(review): uname is accepted as typed, with no character or length
    # restrictions, before it is embedded in the signed token.
    print 'You have successfully registered as {0}!'.format(uname)
    print 'Use this code to login:', generate_creds(uname, passwd)
  51.  
def parse(info):
    """Split an ``&``-separated credential string into its three fields.

    Args:
        info: string of ``key=value`` segments joined by ``&``.

    Returns:
        ``[uname, passwd, ROLE]`` as strings.

    Raises:
        UnboundLocalError: if any of the three keys never appears.

    NOTE(review): when a key occurs more than once the LAST occurrence wins,
    and segments with unknown keys are silently ignored. For a signed token
    format this is risky: anything that lets a client add segments to the
    signed string changes the parsed result. A stricter parser would reject
    duplicate and unknown keys.
    """
    for field in info.split('&'):
        # A segment can match at most one prefix, so an elif chain behaves
        # the same as three independent checks.
        if field.startswith('uname='):
            uname = field[6:]
        elif field.startswith('passwd='):
            passwd = field[7:]
        elif field.startswith('ROLE='):
            ROLE = field[5:]
    return [uname, passwd, ROLE]
  62.  
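def login():
    """Verify a pasted credential token and serve the role-gated menus.

    The token is base64-decoded and split at ``&sign=``; the part before it
    must hash (SHA-1, prefixed with SECRET) to the part after it. On success
    the fields are parsed and the ROLE value selects what is shown:
    ROLE '0' gets a refusal, ROLE '1' shows the first flag part to uname
    'admin' only, and ROLE '2' opens the hidden-area menu loop.

    Malformed input (bad base64, no ``&sign=`` field, non-hex key) is
    reported with the existing error messages instead of raising, so one bad
    line no longer ends the whole service.

    NOTE(review): ``sha1(SECRET + message)`` is a secret-prefix hash, not a
    MAC, and this construction is open to length-extension forgery. Both
    this check and generate_creds() should move to HMAC together. The digest
    comparison below is also not constant-time; ``hmac.compare_digest``
    (Python 2.7.7+) is the usual replacement.
    """
    raw = raw_input('Enter your creds: ')
    try:
        decoded = b64decode(raw)
    except TypeError:
        # Python 2's b64decode reports malformed base64 as TypeError.
        print 'Invalid creds!'
        return

    pieces = decoded.split("&sign=")
    if len(pieces) < 2:
        # No signature field at all: same outcome as a signature mismatch.
        print 'Invalid creds!'
        return
    creds, sign = pieces[0], pieces[1]

    if sha1(SECRET + creds).hexdigest() != sign:
        print 'Invalid creds!'
        return

    # From here on every field is trusted purely because the digest matched.
    # passwd is the token's passwd field, which generate_creds() fills with
    # an MD5 hex digest rather than the password itself.
    uname, passwd, ROLE = parse(creds)
    print 'You have logged in successfully as {0}!'.format(uname)

    if ROLE == '0':
        print 'Hm... your ROLE is 0, no flag for you!'
        print 'Please upgrade your ROLE to 1 to view flag.'
    elif ROLE == '1':
        if uname == 'admin':
            print 'Welcome admin, HOWDY!'
            print 'This is your first part of flag:', part1
            print 'Please upgrade your ROLE to 2 to view the second part of flag.'
        else:
            print 'Only \'admin\' who has ROLE=1 can see this section.'
    elif ROLE == '2':
        while True:
            print '-----Hidden Area-----\n1. view-secret\n2. view-source\n3. Quit'
            _choice = raw_input('>>> ')

            if _choice == '1':
                key_hex = raw_input('Input your 8 bytes key (hex-encoded) to see the secret: ')
                try:
                    key = key_hex.decode('hex')
                except TypeError:
                    # Non-hex or odd-length input: report it and show the
                    # menu again instead of crashing.
                    print 'Invalid username/key length!'
                    continue

                # NOTE(review): this compares the raw key and passwd values,
                # while the cipher below receives pad()-normalised versions.
                # A check should run on the value that is actually used.
                if md5(key).hexdigest() == md5(passwd).hexdigest():
                    print 'For security purpose, your key is not allowed to be the same with your password!'
                    print 'Bye!'
                else:
                    try:
                        if _superencrypt(pad(passwd), pad(key), uname) == 'iamgroot':
                            print 'Hi gr00t, this is your 2nd part of flag:', part2
                            print 'Bye!'
                        else:
                            print 'Nope! Who are you?'
                    except Exception:
                        # Narrowed from a bare except so KeyboardInterrupt and
                        # SystemExit are no longer swallowed.
                        print 'Invalid username/key length!'
            elif _choice == '2':
                print 'https://gist.github.com/quandqn/d637ecbae4abf3f675c2767445fd7da6'
            else:
                print 'Bye!'
                break
    else:
        print 'Invalid username/role!'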
  110.  
# Service entry point: print the banner, then loop on the top-level menu
# until the user picks anything other than Register ('1') or Login ('2').
print "-----ABCXYZ Admin Panel-----"
while True:
    print _MENU
    choice = raw_input(">>> ")
    if choice not in ('1', '2'):
        break
    if choice == '1':
        register()
    else:
        login()