Pwnable.kr crypto1 writeup

ihciah@gmail.com

In this challenge we can enter a username and a password, and the server returns the encryption of the string {username}-{password}-{cookie}, where the cookie is unknown to us.

The cipher runs in CBC mode with a 16-byte block, and the ciphertext comes back hex-encoded, so every 32 hex characters of the returned string are one ciphertext block. Each block depends only on the previous ciphertext block (the IV for the first block) and on the 16 plaintext bytes that fall into it.

So if we enter "A"*16 as the username and vary the password, the first 32 hex characters of the output are always the same: the first block covers only the username. Since this holds across separate connections, the key and IV must be fixed, and equal plaintext prefixes always give equal ciphertext prefixes.

So we can recover the cookie one byte at a time: align the unknown byte to the last position of a block, and brute-force that single byte by comparing ciphertext blocks.

Case A: Username = "-"*15 + x, Password = "" so String = "-"*15 + x + "--" + cookie, and the first block is "-"*15 + x

Case B: Username = "-"*13, Password = "" so String = "-"*15 + cookie, and the first block is "-"*15 + cookie[0]

We try every x in the alphabet and compare the first 32 hex characters of the two results; they match exactly when x == cookie[0]. For the following bytes we shorten the dash padding by one per recovered byte (and, once the padding would go negative, jump to the next block by adding 16 dashes) and prepend the already known cookie bytes to x in Case A, so the unknown byte always sits at the last position of a block. The comparison then covers the first 32, 64, 96, ... hex characters as the known prefix grows.
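As an added example (not part of the original writeup), the attack described above can be run offline against a constructed stand-in for the server: it CBC-encrypts id-pw-cookie under a fixed key and IV and returns hex, exactly the oracle the challenge exposes, and recover_cookie performs the Case A / Case B alignment for every byte and then derives the admin password. The block cipher is AES through the cryptography package when it is installed, otherwise a small SHA-256 Feistel network stands in; both are assumptions here, since the attack only uses the structure of CBC. The key, IV, zero padding and the names Crypto1Server, recover_cookie and admin_password are all constructed for this example; the cookie value is the one the writeup recovered.

```python
import hashlib
import string

BLOCK = 16

# Block cipher for the simulation. AES via 'cryptography' when available (assumption:
# the service uses a 16-byte block cipher; AES is the realistic choice). Without the
# package, an 8-round SHA-256 Feistel network stands in. The attack code below never
# touches the cipher directly, only the CBC chaining.
try:
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    def block_encrypt(key: bytes, block: bytes) -> bytes:
        enc = Cipher(algorithms.AES(key), modes.ECB(), backend=default_backend()).encryptor()
        return enc.update(block) + enc.finalize()
except ImportError:
    def block_encrypt(key: bytes, block: bytes) -> bytes:
        # Feistel: L' = R, R' = L xor F(R); invertible and deterministic.
        left, right = block[:8], block[8:]
        for rnd in range(8):
            f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
            left, right = right, bytes(a ^ b for a, b in zip(left, f))
        return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Zero padding is an assumption; only complete leading blocks are ever compared,
    # so the padding scheme does not change the attack.
    padded = plaintext + b"\x00" * (-len(plaintext) % BLOCK)
    out, prev = b"", iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, bytes(a ^ b for a, b in zip(padded[i:i + BLOCK], prev)))
        out += prev
    return out


class Crypto1Server:
    """Constructed stand-in for the crypto1 service: key and IV never change, and
    every request returns hex(CBC(id-pw-cookie)), like the real oracle."""

    def __init__(self, cookie: bytes, key: bytes, iv: bytes):
        self.cookie, self.key, self.iv = cookie, key, iv

    def encrypt_token(self, uid: bytes, pw: bytes) -> str:
        return cbc_encrypt(self.key, self.iv, uid + b"-" + pw + b"-" + self.cookie).hex()


ALPHABET = (string.ascii_lowercase + string.digits + "_-").encode()


def recover_cookie(oracle, max_len: int = 64) -> bytes:
    """Byte-at-a-time recovery against oracle(uid, pw) -> hex ciphertext."""
    cookie = b""
    for n in range(max_len):
        q = (n + 2) // 16            # block in which cookie[n] lands
        count = (q + 1) * 32         # hex characters covering blocks 0..q
        # Case B: "-"*k + "--" + cookie puts cookie[n] at the last byte of block q.
        real = b"-" * (13 - n + 16 * q)
        # Case A: same dash prefix, then the known bytes and one candidate at that byte.
        pre = b"-" * (15 - n + 16 * q) + cookie
        target = oracle(real, b"")[:count]
        for c in ALPHABET:
            if oracle(pre + bytes([c]), b"")[:count] == target:
                cookie += bytes([c])
                break
        else:
            # No candidate matched: that position holds padding, not a cookie byte.
            break
    return cookie


def admin_password(cookie: bytes) -> str:
    # The password check the writeup relies on: sha256(id + cookie).
    return hashlib.sha256(b"admin" + cookie).hexdigest()


# Constructed secrets for the offline demo; the cookie is the one the writeup recovered.
KEY = b"constructed-key!"
IV = b"fixed-iv-16bytes"
COOKIE = b"you_will_never_guess_this_sugar_honey_salt_cookie"

if __name__ == "__main__":
    server = Crypto1Server(COOKIE, KEY, IV)
    recovered = recover_cookie(server.encrypt_token)
    print("cookie:", recovered.decode())
    print("admin pw:", admin_password(recovered))
```

Two points worth noting. The loop terminates on its own: once every cookie byte is known, the position being compared in Case B holds a padding byte, which is not in the alphabet, so no candidate matches. And because oracle is just a callable, the same recover_cookie works against the live service when oracle is replaced by a function that opens a connection and returns the hex string the server prints.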

Running the script below recovers the cookie:

you_will_never_guess_this_sugar_honey_salt_cookie

Then compute the password as hashlib.sha256("admin" + "you_will_never_guess_this_sugar_honey_salt_cookie").hexdigest()

Log in with username admin and that password to get the flag.

from pwn import *
import string

cookie = ""
alphabet = string.ascii_lowercase + string.digits + "_-"


def getkey(uid):
    # One connection per query: send uid as ID and an empty PW, return the
    # hex ciphertext the server prints between parentheses.
    p = remote("pwnable.kr", 9006)
    p.recvuntil(b"ID")
    p.sendline(uid.encode())
    p.recvuntil(b"PW")
    p.sendline(b"")
    r = p.recvuntil(b")").decode()
    p.close()
    return r[r.find("(") + 1:r.find(")")]


def guess(n):
    # Recover cookie[n]: align it to the last byte of block q and compare the
    # first q+1 ciphertext blocks (32 hex characters each).
    global cookie
    q = (n + 2) // 16
    count = (q + 1) * 32
    pre_padding = "-" * (15 - n + 16 * q) + cookie[:n]  # Case A prefix, candidate appended
    real = "-" * (13 - n + 16 * q)                       # Case B: "--" + cookie fills the block
    key = getkey(real)[:count]
    print("count:", count)
    print("pre_padding:", pre_padding)
    print("real:", real)
    print("key:", key)
    for i in alphabet:
        if getkey(pre_padding + i)[:count] == key:
            print("cookie got:", n, i)
            cookie = cookie[:n] + i
            return True
    print("Error: no match at position", n)
    print("Guessed:", cookie[:n])
    return False


for n in range(0, 64):
    if not guess(n):
        break  # no alphabet byte matched: we have read past the end of the cookie
print(cookie)
chhaipov commented Dec 8, 2016

I'm new to this stuff. Can you help explain the algorithm for the brute force in a bit more detail? Thanks
