Skip to content

Instantly share code, notes, and snippets.

@komang4130

komang4130/gist:cfd47f498a5d60de628a1b9ff7dfe8c2

Created June 16, 2018 05:02
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save komang4130/cfd47f498a5d60de628a1b9ff7dfe8c2 to your computer and use it in GitHub Desktop.
Save komang4130/cfd47f498a5d60de628a1b9ff7dfe8c2 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
import socket
import os
#product=FLAG&price=999999999&timestamp=1529122879569249&sign=b46e16950a89fc50eb229be891af53625eceb6a7c6b82c323c8ac7e7d0dc78cb
def hash_length_extension(order,length):
append = "&price=1000"
key_length = length
data = order[:-70]
sign = order[-64:]
hashpump = os.popen("hashpump -d '%s' -s '%s' -a '%s' -k '%i'" % (data,sign,append,key_length)).readlines()
newsign = hashpump[0].rstrip()
#print "Old: " + hashpump[1]
newdata = hashpump[1].rstrip().decode('string_escape')
#print "After: " + newdata
return newdata + '&sign=' + newsign
def send(length):
host,port = "13.251.110.215",10001
s = socket.socket()
s.connect((host,port))
payload = hash_length_extension("product=FLAG&price=999999999&timestamp=1529122879569249&sign=b46e16950a89fc50eb229be891af53625eceb6a7c6b82c323c8ac7e7d0dc78cb",length)
s.recv(1024)
s.recv(1024)
#print s.recv(1024)
s.send("3" + "\n")
s.recv(1024)
s.recv(1024)
print payload
s.send(payload + "\n")
return s.recv(1024)
for i in range(8,33):
k = send(i)
if "Invalid" in k:
print "Key length ",i," Failed"
else:
print send(i)
print "Key lenth ",i
break
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment