CTF-Digest is Secure!!
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.commons.codec.digest.DigestUtils;
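/**
 * Fetches a page protected by HTTP Digest authentication (MD5, qop=auth) using a
 * pre-computed HA1 value instead of a password.
 *
 * <p>In Digest authentication HA1 = MD5(username:realm:password), and the request
 * digest is MD5(HA1:nonce:nc:cnonce:qop:HA2). The password itself never enters
 * the calculation, so whoever holds HA1 can authenticate for that user and realm.
 * A stored HA1 (for example in a server-side digest password file) is therefore
 * password-equivalent and has to be protected like the password.
 *
 * <p>The target URL is plain http, so the challenge and the Authorization header
 * cross the network unencrypted.
 */
public class Main {

    /**
     * Matches the {@code nonce="..."} parameter of a Digest challenge. The leading
     * group requires start-of-string, whitespace or a comma before the name so a
     * {@code cnonce="..."} parameter is not picked up by mistake.
     */
    private static final Pattern NONCE_PARAM =
            Pattern.compile("(?:^|[\\s,])nonce\\s*=\\s*\"([^\"]*)\"", Pattern.CASE_INSENSITIVE);

    /**
     * Requests the page once without credentials to obtain the server nonce,
     * computes the Digest response from the known HA1, then repeats the request
     * with an Authorization header and writes the response body to stdout.
     *
     * @param args unused
     * @throws IOException if a request fails; {@code getInputStream()} also throws
     *     when the server answers with an error status such as a rejected login
     */
    public static void main(String[] args) throws IOException {
        String user = "q9";
        String realm = "secret";
        String uri = "/~q9/flag.html";
        String method = "GET";
        // HA1 = MD5(username:realm:password), already hashed; the password is not needed.
        String hasha1 = "c627e19450db746b739f41b64097d449";
        String nc = "00000001";
        // Fixed client nonce; a general-purpose client would generate a fresh one per request.
        String cnonce = "9691c249745d94fc";
        String qop = "auth";

        URL url = new URL("http://ksnctf.sweetduet.info:10080" + uri);

        // First request carries no credentials: reading the header fields sends it and
        // yields the 401 challenge that contains the server nonce.
        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        String nonce = getNonce(connection.getHeaderFields());

        // HA2 = MD5(method:uri)
        String hasha2 = MD5(method + ":" + uri);
        // response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
        String hxResponse =
                MD5(hasha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + hasha2);

        // Second request with the computed credentials. The same variables feed the hash
        // and the header, so the two cannot drift apart. The string-valued parameters are
        // sent as quoted-strings, the form the Digest specification uses for them.
        connection = (HttpURLConnection) url.openConnection();
        connection.setRequestMethod(method);
        connection.setRequestProperty(
                "Authorization",
                "Digest username=\"" + user + "\""
                        + ", realm=\"" + realm + "\""
                        + ", nonce=\"" + nonce + "\""
                        + ", uri=\"" + uri + "\""
                        + ", algorithm=MD5"
                        + ", response=\"" + hxResponse + "\""
                        + ", qop=" + qop
                        + ", nc=" + nc
                        + ", cnonce=\"" + cnonce + "\"");
        connection.connect();

        // Copy exactly the bytes that were read. Printing the whole buffer on every pass
        // would repeat stale data from earlier reads and pad the last chunk with NULs.
        try (InputStream in = connection.getInputStream()) {
            byte[] buffer = new byte[1024];
            int read;
            while ((read = in.read(buffer)) != -1) {
                System.out.write(buffer, 0, read);
            }
        }
        System.out.println();
        System.out.flush();
    }

    /**
     * Returns the MD5 digest of a string as 32 lower-case hex characters.
     *
     * <p>MD5 is used only because the Digest scheme with {@code algorithm=MD5}
     * mandates it; it is not a choice to copy for new designs.
     *
     * @param string text to hash, encoded as UTF-8 before hashing
     * @return lower-case hexadecimal MD5 digest
     * @throws IllegalStateException if the runtime offers no MD5 implementation
     */
    public static String MD5(String string) {
        final byte[] digest;
        try {
            digest = MessageDigest.getInstance("MD5").digest(string.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 is not available on this JVM", e);
        }
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(Character.forDigit((b >> 4) & 0xf, 16));
            hex.append(Character.forDigit(b & 0xf, 16));
        }
        return hex.toString();
    }

    /**
     * Extracts the server nonce from the {@code WWW-Authenticate} header of a 401
     * response.
     *
     * <p>The header name is compared case-insensitively and the nonce is located by
     * parameter name, so the result does not depend on the order in which the
     * server lists the challenge parameters.
     *
     * @param map response header fields as returned by
     *     {@link HttpURLConnection#getHeaderFields()}
     * @return the nonce value without its surrounding quotes
     * @throws IllegalStateException if no challenge with a nonce is present
     */
    public static String getNonce(Map<String, List<String>> map) {
        for (Map.Entry<String, List<String>> header : map.entrySet()) {
            // The map also holds the status line under a null key; equalsIgnoreCase(null) is false.
            if (!"WWW-Authenticate".equalsIgnoreCase(header.getKey()) || header.getValue() == null) {
                continue;
            }
            for (String challenge : header.getValue()) {
                if (challenge == null) {
                    continue;
                }
                Matcher matcher = NONCE_PARAM.matcher(challenge);
                if (matcher.find()) {
                    String nonce = matcher.group(1);
                    System.out.println("nonce:" + nonce); // nonce received from the server
                    return nonce;
                }
            }
        }
        throw new IllegalStateException("no Digest nonce found in WWW-Authenticate response header");
    }
}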