anhlocpr

web 150 kma_ctf

Oct 12th, 2015
import binascii, struct, json
import numbers

from flask import Flask, request, render_template, redirect, url_for
from Crypto.Cipher import AES
# Secrets used to encrypt and decrypt tickets. Both values look like redacted
# placeholders in this listing. NOTE(security): hard-coded secrets end up in
# version control and backups; load them from configuration or the
# environment instead.
key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx"
iv = "xxxxxxxxxxxxxxxxxxxxxxxxxxxx"

# Flask application object that the route decorators below attach to.
app = Flask(__name__)
######################################################################################
def encrypt(key, text, iv):
    """Encrypt *text* with AES in ECB mode and return the raw ciphertext.

    The key string is extended with padding() to the next AES key size:
    fewer than 16 characters -> 16 bytes, fewer than 24 -> 24 bytes,
    otherwise 32 bytes. A key longer than 32 characters prints "Error!"
    and exits. *text* is padded to a multiple of 16 bytes by padding().

    NOTE(security): ECB encrypts every 16-byte block independently and ECB
    has no IV, so *iv* cannot add per-message randomness. Equal plaintext
    blocks give equal ciphertext blocks, and nothing here authenticates the
    output: a modified, reordered or substituted ciphertext still decrypts
    without error. Data that a client hands back and the server then trusts
    needs an authenticated construction (an AEAD mode, or encrypt-then-MAC).
    The bytes added to a short key are predictable, so they contribute no
    key strength.
    """
    key_len = len(key)
    if key_len > 32:
        print("Error!")
        exit(1)

    # Pick the AES key size the supplied key is extended to.
    if key_len < 16:
        key_size = 16
    elif key_len < 24:
        key_size = 24
    else:
        key_size = 32

    key = padding(string2byte(key), key_size)
    text = padding(string2byte(text))
    iv = padding(string2byte(iv))

    suite = AES.new(key, AES.MODE_ECB, iv)
    return suite.encrypt(text)
def decrypt(key, cipher, iv):
    """Decrypt raw AES-ECB ciphertext *cipher* and return the plaintext string.

    The key is extended exactly as in encrypt(): fewer than 16 characters
    -> 16 bytes, fewer than 24 -> 24 bytes, otherwise 32 bytes; a key longer
    than 32 characters prints "Error!" and exits. Trailing padding is
    removed with depadding() before the result is turned back into a string.

    NOTE(security): there is no integrity check. Any ciphertext whose length
    the cipher accepts is decrypted and returned, so the caller cannot tell
    a ticket issued by this server from one that was altered or assembled
    elsewhere. Verify a MAC (or use an AEAD mode) before trusting the
    plaintext.
    """
    iv = padding(string2byte(iv))

    key_len = len(key)
    if key_len > 32:
        print("Error!")
        exit(1)

    # Pick the AES key size the supplied key is extended to.
    if key_len < 16:
        key_size = 16
    elif key_len < 24:
        key_size = 24
    else:
        key_size = 32
    key = padding(string2byte(key), key_size)

    suite = AES.new(key, AES.MODE_ECB, iv)
    plain = suite.decrypt(cipher)
    plain_values = depadding(string2byte(plain))
    return byte2string(plain_values)
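def padding(data, block_size=16):
    """Pad a list of byte values to a multiple of *block_size* and pack it.

    Each padding byte carries the number of bytes added. Input whose length
    is already a multiple of *block_size* is packed unchanged. This differs
    from PKCS#7, which always adds padding, so depadding() cannot reliably
    tell a padded message from an aligned one that happens to end in a
    small byte value.

    The caller's list is copied rather than extended in place.

    Args:
        data: list of integers; packed with struct format 'b', so every
            value must fit a signed byte.
        block_size: alignment in bytes (default 16).

    Returns:
        The packed byte string.
    """
    padded = list(data)  # work on a copy so the argument is left untouched
    remainder = len(padded) % block_size
    if remainder:
        pad_len = block_size - remainder
        padded.extend([pad_len] * pad_len)
    return struct.pack('b' * len(padded), *padded)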
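def depadding(bytes):
    """Strip trailing padding from a list of byte values, in place.

    The last value is read as the padding length. If it is between 1 and 15
    and the list holds at least that many items, that many trailing items
    are removed. Empty input is returned unchanged instead of raising
    IndexError, and a length larger than the list is ignored.

    NOTE(security): only the final value is inspected; the other padding
    bytes are not checked for consistency, so malformed padding is accepted
    silently. Padding is not an integrity check.

    Args:
        bytes: mutable list of integers (the name shadows the builtin but
            is kept for callers).

    Returns:
        The same list object after trimming.
    """
    if not bytes:
        return bytes
    length = bytes[-1]
    if 0 < length < 16 and length <= len(bytes):
        del bytes[-length:]
    return bytes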
def string2byte(text):
    """Return the code point of every character in *text* as a list."""
    return [ord(ch) for ch in text]
def byte2string(byte):
    """Join a sequence of integer character codes back into a string."""
    chars = [chr(code) for code in byte]
    return "".join(chars)
######################################################################################
@app.route("/")
def hello():
    """Send visitors of the site root to the ticket request page."""
    target = url_for('find')
    return redirect(target)
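@app.route("/find/", methods=['GET', 'POST'])
def find():
    """Show the ticket request form, or issue a ticket on POST.

    Flask also routes HEAD requests to a view that allows GET. Matching only
    "GET" and "POST" left such a request with no return value, which Flask
    reports as a server error. Every non-POST request now gets the form.
    """
    if request.method == "POST":
        return do_find()
    return find_form()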
def find_form():
    """Render the page that asks for a username."""
    page = render_template("find_form.html")
    return page
def do_find():
    """Issue a ticket for the posted username and render it.

    The ticket is the hex encoding of the AES-encrypted JSON object
    {'username': <posted value>, 'money': 0}.

    NOTE(security): the balance lives inside a token held by the client, and
    the token is only encrypted (ECB), not authenticated. The server
    therefore has no way to confirm that a ticket presented later is one it
    issued. Keep the balance server-side keyed by an opaque identifier, or
    protect the ticket with a MAC / AEAD mode.
    """
    username = request.form['username']
    ticket_raw = json.dumps({
        'username': username,
        'money': 0,
    })
    # Debug output: writes the plaintext ticket to stdout.
    print(ticket_raw)
    ciphertext = encrypt(key, ticket_raw, iv)
    ticket = binascii.hexlify(ciphertext)
    return render_template("ticket_result.html", username=username, ticket=ticket)
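@app.route("/ticket/<ticket>")
def check_ticket(ticket):
    """Decode a hex ticket from the URL and report whether it unlocks the key.

    A ticket that cannot be hex-decoded, decrypted, parsed as JSON, or that
    lacks the expected fields gets one uniform 400 response instead of an
    unhandled exception. The key message is shown only when 'money' is a
    real number that is at least 1000000; any other value fails closed.

    NOTE(security): these checks make parsing robust but do not make the
    ticket trustworthy. decrypt() performs no integrity check, so the fields
    read here are only as reliable as the unauthenticated ECB ciphertext
    they came from.
    """
    try:
        data = binascii.unhexlify(ticket)
        data_raw = decrypt(key, data, iv)
        # Debug output: writes the decrypted ticket to stdout.
        print(data_raw)
        # decrypt() has already stripped padding; the second pass is kept
        # from the original flow.
        data_raw2 = depadding(data_raw)
        user_info = json.loads(data_raw2)
        username = user_info['username']
        money = user_info['money']
    except (TypeError, ValueError, KeyError, IndexError, binascii.Error):
        # One response for every failure, so the error does not reveal which
        # stage rejected the ticket.
        return "Invalid ticket", 400

    # Grant only on a positive match. Python 2 orders mismatched types
    # instead of raising, so the type is checked before the comparison, and
    # ">=" keeps NaN on the denying side.
    if isinstance(money, numbers.Real) and money >= 1000000:
        message = "You are rich man :). This is your key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    else:
        message = "You not enough money, you need 1000000 VND"
    return render_template("check_ticket.html", username=username, money=money, message=message)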
if __name__ == "__main__":
    # NOTE(security): this starts Flask's built-in development server on
    # every network interface. Debug mode is left off (the original line
    # "app.debug = True" was commented out) and should stay off on a
    # reachable listener, because the interactive debugger allows code
    # execution.
    app.run(host="0.0.0.0", port=8080)