hama7230/solve.py

## solve.py
# RCTF2018 cpushop crypto
from pwn import *
import commands
import hashpumpy

conn = remote('cpushop.2018.teamrois.cn', 43000)

conn.sendline('2')
conn.sendline('9')
conn.recvuntil('Your order:\n')
buf = conn.recvline().strip()
payment = buf[:51]
sign = buf[51:]
hashed = sign[6:]
print payment
print hashed

for i in range(8, 33):
    a = hashpumpy.hashpump(hashed, payment, '&price=1', i)
    payload = a[1] + '&sign='+a[0]
    conn.recvuntil('Command')
    conn.sendline('3')
    conn.sendlineafter('Your order:', payload)
    buf = conn.recvline()
    if 'Your current money' in buf:
        print conn.recv(0x1000)
'''
# python solve.py
[+] Opening connection to cpushop.2018.teamrois.cn on port 43000: Done
product=Flag&price=99999&timestamp=1526912622489504
31db025d024aa85a943be04fb4eaee3b804389350b74ccad355e06bb6cc08497
You have bought Flag
Good job! Here is your flag: RCTF{ha5h_l3ngth_ex7ens10n_a77ack_1s_ez}
'''
	# RCTF2018 cpushop crypto
	from pwn import *
	import commands
	import hashpumpy

	conn = remote('cpushop.2018.teamrois.cn', 43000)

	conn.sendline('2')
	conn.sendline('9')
	conn.recvuntil('Your order:\n')
	buf = conn.recvline().strip()
	payment = buf[:51]
	sign = buf[51:]
	hashed = sign[6:]
	print payment
	print hashed

	for i in range(8, 33):
	a = hashpumpy.hashpump(hashed, payment, '&price=1', i)
	payload = a[1] + '&sign='+a[0]
	conn.recvuntil('Command')
	conn.sendline('3')
	conn.sendlineafter('Your order:', payload)
	buf = conn.recvline()
	if 'Your current money' in buf:
	print conn.recv(0x1000)
	'''
	# python solve.py
	[+] Opening connection to cpushop.2018.teamrois.cn on port 43000: Done
	product=Flag&price=99999&timestamp=1526912622489504
	31db025d024aa85a943be04fb4eaee3b804389350b74ccad355e06bb6cc08497
	You have bought Flag
	Good job! Here is your flag: RCTF{ha5h_l3ngth_ex7ens10n_a77ack_1s_ez}
	'''