hama7230/solve.py

Created May 21, 2018
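# RCTF2018 cpushop crypto
# Hash length extension against the shop's signed orders (Python 2, pwntools + hashpumpy)
from pwn import *
import hashpumpy

conn = remote('cpushop.2018.teamrois.cn', 43000)

# Send 2 and then 9; the server answers with a signed order.
conn.sendline('2')
conn.sendline('9')
conn.recvuntil('Your order:\n')
buf = conn.recvline().strip()

# Split the order into the signed payment string and its signature.
payment = buf[:51]   # product=...&price=...&timestamp=...
sign = buf[51:]      # '&sign=' followed by the hex digest
hashed = sign[6:]    # hex digest only
print payment
print hashed

# The key length is unknown, so try every candidate length from 8 to 32.
for i in range(8, 33):
    # hashpump returns (new digest, original data + padding + appended data)
    a = hashpumpy.hashpump(hashed, payment, '&price=1', i)
    payload = a[1] + '&sign=' + a[0]
    conn.recvuntil('Command')
    conn.sendline('3')
    conn.sendlineafter('Your order:', payload)
    buf = conn.recvline()
    # The forged order was accepted for this key length.
    if 'Your current money' in buf:
        print conn.recv(0x1000)
        break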
'''
# python solve.py
[+] Opening connection to cpushop.2018.teamrois.cn on port 43000: Done
product=Flag&price=99999&timestamp=1526912622489504
31db025d024aa85a943be04fb4eaee3b804389350b74ccad355e06bb6cc08497
You have bought Flag
Good job! Here is your flag: RCTF{ha5h_l3ngth_ex7ens10n_a77ack_1s_ez}
'''