Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/usr/bin/python
import pwn
import base64
import binascii
p = pwn.remote("tasks.aeroctf.com",44323)
def encryptWithKey(p,blk):
p.recvuntil("> ")
p.send("3\n")
p.recvuntil(": ")
p.send(blk + "\n")
data = p.recvuntil("\n")
(p1,p2,p3) = data.split("'")
dx = binascii.hexlify(base64.b64decode(p2))
parts = [dx[i:i+32] for i in range(0, len(dx), 32)]
print(parts)
return parts
def findLength(p):
for i in range(0,16):
par = encryptWithKey(p,"}" + "\x00" * 15 + "\00" * i)
if par[0] == par[-1]:
print "Found! %d" % i
return i
# We know it's i * 11.
knownKeyBytes = "}"
import string
def findByte(p):
for c in "0123456789abcdef":
par = encryptWithKey(p,c + "5013a76ed3b98bae1e79169b3495f47a}" + "\x00" * 26)
if par[0] == par[-3]:
print "Found: %c" % c
return c
# findLength(p)
findByte(p)
p.close()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.