Created
June 16, 2018 05:02
-
-
Save komang4130/cfd47f498a5d60de628a1b9ff7dfe8c2 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import socket | |
import os | |
#product=FLAG&price=999999999×tamp=1529122879569249&sign=b46e16950a89fc50eb229be891af53625eceb6a7c6b82c323c8ac7e7d0dc78cb | |
def hash_length_extension(order,length): | |
append = "&price=1000" | |
key_length = length | |
data = order[:-70] | |
sign = order[-64:] | |
hashpump = os.popen("hashpump -d '%s' -s '%s' -a '%s' -k '%i'" % (data,sign,append,key_length)).readlines() | |
newsign = hashpump[0].rstrip() | |
#print "Old: " + hashpump[1] | |
newdata = hashpump[1].rstrip().decode('string_escape') | |
#print "After: " + newdata | |
return newdata + '&sign=' + newsign | |
def send(length): | |
host,port = "13.251.110.215",10001 | |
s = socket.socket() | |
s.connect((host,port)) | |
payload = hash_length_extension("product=FLAG&price=999999999×tamp=1529122879569249&sign=b46e16950a89fc50eb229be891af53625eceb6a7c6b82c323c8ac7e7d0dc78cb",length) | |
s.recv(1024) | |
s.recv(1024) | |
#print s.recv(1024) | |
s.send("3" + "\n") | |
s.recv(1024) | |
s.recv(1024) | |
print payload | |
s.send(payload + "\n") | |
return s.recv(1024) | |
for i in range(8,33): | |
k = send(i) | |
if "Invalid" in k: | |
print "Key length ",i," Failed" | |
else: | |
print send(i) | |
print "Key lenth ",i | |
break |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment