Last active
October 19, 2017 21:53
-
-
Save unicornsasfuel/3020e5d7fb19436173c0a8e16dc403a4 to your computer and use it in GitHub Desktop.
Shellcon FeatherDuster Workshop Exercise Materials
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from Crypto.Cipher import AES | |
import sys | |
FLAG = '7368336c6c63306e72756c7a'.decode('hex') | |
def pkcs7_pad(text): | |
pad_num = 16 - (len(text) % 16) | |
return text + chr(pad_num) * pad_num | |
cipher = AES.new('yellow submarINE', AES.MODE_ECB) | |
sys.stdout.write('input? ') | |
sys.stdout.flush() | |
print cipher.encrypt(pkcs7_pad(raw_input('') + FLAG)).encode('hex') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
socat TCP4-LISTEN:9001,fork,bind=127.0.0.1 EXEC:python\ exercise_server.py |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Generated by FeatherDuster | |
import cryptanalib as ca | |
import socket | |
def simple_conn(host,port): | |
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
sock.connect((host, int(port))) | |
return sock | |
def encryption_oracle(text): | |
# TODO: Write a function to interact with the ECB encryption oracle | |
s = simple_conn('127.0.0.1',9001) | |
junk = s.recv(1024) | |
s.send(text+'\n') | |
response = s.recv(1024).strip() | |
return response.decode("hex") | |
ca.ecb_cpa_decrypt(encryption_oracle=encryption_oracle, block_size=16, verbose=True, hollywood=True) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import socket | |
def simple_conn(host,port): | |
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
sock.connect((host, int(port))) | |
return sock | |
s = simple_conn('127.0.0.1',9001) | |
print(s.recv(1024)) | |
s.send(raw_input()+'\n') | |
print(s.recv(1024)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment