- #!/usr/bin/env python2
- import sys,os
- from pwn import *
# Address and TCP port of the CTF challenge service this script was written against.
HOST = "13.57.200.124"
PORT = 1337
def exploit(r):
    """Run the two-stage menu exchange with the challenge service and print the flag.

    ``r`` is an already-connected pwntools tube. The function only performs
    socket I/O and prints; it closes the tube before returning None.

    NOTE(review): the service itself is not visible here. The script treats
    the first 16 bytes of the reply as an IV and alters one IV byte, which is
    the pattern for unauthenticated CBC (presumably AES-CBC; confirm against
    the challenge source). The alteration is accepted only if the service does
    not verify integrity; authenticated encryption, or a MAC over IV and
    ciphertext checked before decryption, would reject the modified message.
    """
    # Stage 1 (menu option 1): ask the service to encrypt a chosen plaintext.
    r.recvuntil("choice :")
    r.sendline('1')
    r.recvuntil('plaintext :')
    chosen = "admi" + "A" * 21
    # The copy kept for the XOR below carries the trailing newline.
    known_pt = chosen + '\n'
    r.sendline(chosen)

    # The reply is one hex-encoded line: 16 bytes used as IV, then the ciphertext.
    blob = r.recvline().strip().decode('hex')
    iv, body = blob[:16], blob[16:]
    # xor() comes from pwntools; only the first 16 bytes of this value are used at the end.
    pt_xor_iv = xor(known_pt, iv)

    # XOR IV byte 4 with 'A' ^ 'n'. If the first plaintext block is recovered
    # as D(c1) XOR iv, byte 4 of that block changes from 'A' to 'n', so it
    # starts with "admin" (assumption about the service; see the note above).
    flipped = chr(ord(iv[4]) ^ ord('A') ^ ord('n'))
    forged = (iv[:4] + flipped + iv[5:] + body).encode('hex')

    # Stage 2 (menu option 2): submit the message with the altered IV.
    r.recvuntil("choice :")
    r.sendline('2')
    r.recvuntil('ciphertext(in hex) :')
    r.sendline(forged)
    # Two response lines are read and discarded before the next prompt.
    r.recvline()
    r.recvline()

    # Second prompt: send the ciphertext blocks without the IV and read 16 bytes back.
    r.recvuntil("Enter the ciphertext(in hex) :")
    r.sendline(body.encode('hex'))
    leak = r.recv(16)
    # NOTE(review): XORing the reply with pt ^ iv yields the flag only if the
    # service decrypts under a secret-derived IV; inferred, not shown here.
    print "SecConCTF{" + xor(leak, pt_xor_iv)[:16] + "}"
    r.close()
if __name__ == "__main__":
    # Open one connection to the challenge service, run the exchange, exit with status 0.
    exploit(remote(HOST, PORT))
    sys.exit(0)