@samueltangz
Created October 2, 2019 13:26
import os
from pwn import *
# context.log_level = 'debug'
# copy and paste
def sha(my_string):
    """Return the raw digest of *my_string* under hashlib's 'sha' algorithm.

    NOTE(review): 'sha' is the legacy OpenSSL name (SHA-0, 20-byte digest);
    hashlib.new() raises ValueError where the linked OpenSSL no longer
    provides it. hashlib itself is not imported explicitly in this file --
    presumably it arrives through `from pwn import *`; confirm.
    """
    return hashlib.new('sha', my_string).digest()
def sha1(my_string):
    """Return the raw 20-byte SHA-1 digest of *my_string*."""
    return hashlib.new('sha1', my_string).digest()
def sha256(my_string):
    """Return the raw 32-byte SHA-256 digest of *my_string*."""
    return hashlib.new('sha256', my_string).digest()
def ripemd160(my_string):
    """Return the raw 20-byte RIPEMD-160 digest of *my_string*.

    hashlib.new() raises ValueError when the underlying OpenSSL build does
    not expose 'ripemd160'.
    """
    return hashlib.new('ripemd160', my_string).digest()
def xor(s1, s2):
    """XOR *s1* character by character with *s2*, repeating *s2* cyclically.

    The result always has len(s1) characters. Because *s2* wraps around,
    characters of *s1* that sit len(s2) positions apart are combined with
    the same character of *s2*.
    """
    key_len = len(s2)
    return ''.join(
        chr(ord(ch) ^ ord(s2[pos % key_len]))
        for pos, ch in enumerate(s1)
    )
# Hash functions selectable by combo_hash; the position in this list is the
# index picked by `ord(byte) % len(h_list)`, so the order matters.
h_list = [
    sha,        # index 0
    sha1,       # index 1
    ripemd160,  # index 2
    sha256,     # index 3
]
def combo_hash(salt, password, h_list, no_rounds):
    """Mix ``password + salt + password`` through *no_rounds* rounds of hashing.

    The concatenation is cut at offset 32 into a left and a right half. Each
    round picks one function from *h_list* per half (selected by the last
    byte of the left half and the first byte of the right half), hashes both
    halves, and XORs each half with the digest of the *other* half.

    Args:
        salt: salt string placed between the two password copies.
        password: secret string, used twice.
        h_list: list of callables mapping a string to a raw digest.
        no_rounds: number of mixing rounds.

    Returns:
        The left half followed by the right half after the final round.

    NOTE(review): xor() repeats its second argument, so whenever the chosen
    digest is shorter than the half it masks (a 20-byte digest against a
    32-byte half), offsets i and i + 20 of that half are masked with the
    same digest byte and their XOR passes through the round unchanged. That
    relation is what solve() reads the secret from; a design that must not
    leak its input should not mask data with a repeating key.
    """
    combined = password + salt + password
    left, right = combined[:32], combined[32:]
    for _ in range(no_rounds):
        # Selector bytes sit on either side of the split point.
        left_fn = h_list[ord(left[31]) % len(h_list)]
        right_fn = h_list[ord(right[0]) % len(h_list)]
        # Both digests are taken before either half is modified.
        left_digest = left_fn(left)
        right_digest = right_fn(right)
        left = xor(left, right_digest)
        right = xor(right, left_digest)
    return left + right
# functions for exploit
def solve(m, h):
    """Try to recover a 20-character secret from one probe/response pair.

    Args:
        m: the 24-character probe that was sent.
        h: the 64-character response, treated as two 32-character halves.

    Returns:
        The 20-character candidate (8 + 4 + 8 characters), or None when the
        two independent reconstructions of the middle 4 characters disagree.

    In each half, the characters at offsets 0..11 are XORed with those at
    offsets 20..31 and with the matching 12 characters of *m*. The left half
    yields candidate characters 0..11, the right half characters 8..19; the
    4-character overlap is the consistency check.

    NOTE(review): this presumably relies on the server answering with
    combo_hash(m, secret, ...) for a 20-character secret and on every round
    having used a 20-byte digest -- inferred from the slice layout; the
    server code is not part of this file.
    """
    left, right = h[0:32], h[32:64]

    head = xor(xor(left[0:8], left[20:28]), m[0:8])
    mid_from_left = xor(xor(left[8:12], left[28:32]), m[8:12])
    mid_from_right = xor(xor(right[0:4], right[20:24]), m[12:16])
    tail = xor(xor(right[4:12], right[24:32]), m[16:24])

    # A mismatch means the XOR relation did not hold for this probe.
    if mid_from_left != mid_from_right:
        return None
    return head + mid_from_left + tail
# Python 2 script (relies on str.encode('hex') / str.decode('hex')).
# Each attempt opens a fresh connection, sends a batch of probes, and tries
# to recover the secret from the responses; it reconnects until one works.
while True:
    conn = remote('52.142.217.130', 13374)
    # Local-testing alternative: conn = process(['python', 'ph.py'])
    conn.recvline()  # first line from the service is discarded

    probes = []
    for _ in range(1023):
        # 24-byte probe with zero bytes at offsets 11 and 12.
        # NOTE(review): with a 20-byte secret these two bytes land on the
        # selector positions of combo_hash, giving index 0 ('sha') for both
        # halves in the first round -- inferred; confirm against the server.
        probe = os.urandom(11) + '\x00\x00' + os.urandom(11)
        probes.append(probe)
        conn.sendline(probe.encode('hex'))

    # Responses come back in send order, one hex line per probe.
    for probe in probes:
        reply = conn.recvline().strip().decode('hex')
        secret = solve(probe, reply)
        if secret is not None:
            break

    if secret is None:
        # No probe in this batch passed the consistency check; start over.
        conn.close()
        continue

    # An empty line ends the probing phase; the service then sends a salt.
    conn.sendline('')
    conn.recvuntil('Here is the challenge salt:\n')
    challenge_salt = conn.recvline().strip().decode('hex')
    answer = combo_hash(challenge_salt, secret, h_list, 16)
    conn.sendline(answer.encode('hex'))
    conn.interactive()
    break

'''
Congrats. Here's a flag for you:
PTBCTF{420199e572e685af8e1782fde58fd0e9}
'''