SHARE
TWEET

Untitled

a guest Oct 18th, 2019 66 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/env python2
  2.  
  3. import sys,os
  4. from pwn import *
  5.  
  6. HOST="13.57.200.124"
  7. PORT=1337
  8.  
  9. def exploit(r):
  10.  
  11.     r.recvuntil("choice :")
  12.     r.sendline('1')
  13.     r.recvuntil('plaintext :')
  14.     payload=""
  15.     payload+="admi"
  16.     payload+="A"*21
  17.  
  18.     pt=payload+'\n'
  19.  
  20.     r.sendline(payload)
  21.     ct=r.recvline().strip()
  22.  
  23.     ct=ct.decode('hex')
  24.  
  25.     iv=ct[:16]
  26.     ct=ct[16:]
  27.     xpt=xor(pt, iv)
  28.    
  29.     ivbit=iv[4]
  30.  
  31.     ivbit=chr(ord(ivbit)^ord('A')^ord('n'))
  32.     nct=iv[:4]+ivbit+iv[5:]+ct
  33.     nct=nct.encode('hex')
  34.  
  35.     r.recvuntil("choice :")
  36.     r.sendline('2')
  37.     r.recvuntil('ciphertext(in hex) :')
  38.     r.sendline(nct)
  39.  
  40.     r.recvline()
  41.     r.recvline()
  42.  
  43.     r.recvuntil("Enter the ciphertext(in hex) :")
  44.     r.sendline(ct.encode('hex'))
  45.     flag=r.recv(16)
  46.     print "SecConCTF{"+(xor(flag,xpt)[:16])+"}"
  47.  
  48.     r.close()
  49.     return
  50.  
  51. if __name__ == "__main__":
  52.  
  53.     r = remote(HOST, PORT)
  54.     exploit(r)
  55.     sys.exit(0)
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top