hitcon simple crypto — CBC bit-flipping solver that rewrites the encrypted `auth` cookie to set `"admin":true`
import requests
import string
import random
import urllib
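def xor(s1, s2):
    """Return the byte-wise XOR of two equal-length byte strings.

    Generalised from the original fixed-16-byte helper: any length works as
    long as both inputs match, which is all the CBC bit flip below needs.
    Under Python 2 ``str`` is a byte string, so ``chr``/``ord`` operate on
    raw ciphertext bytes.

    Raises:
        ValueError: if the inputs differ in length. A plain ``assert`` is
            stripped under ``python -O``, so a real exception is raised.
    """
    if len(s1) != len(s2):
        raise ValueError("xor: length mismatch (%d vs %d)" % (len(s1), len(s2)))
    return "".join(chr(ord(a) ^ ord(b)) for a, b in zip(s1, s2))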
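url = "http://52.69.244.164:51913/"
#url = "http://127.0.0.1:9292/"

# Log in with a known-plaintext password: 31 x "a" so that at least one whole
# 16-byte block of the serialized session is predictable (the bit flip below
# depends on that). The challenge reads the credentials from query parameters.
data = {
    "username": "a",
    "password": "a" * 31,
}
sess = requests.Session()
res = sess.post(url, params=data)
print(res.text)

# Python 2: str is a byte string, so the URL-unquoted cookie is raw ciphertext.
auth = sess.cookies.get("auth")
if auth is None:
    raise SystemExit("login did not set an 'auth' cookie; nothing to tamper with")
print(auth)
auth = urllib.unquote(auth)

# Assumed cookie layout: 16-byte IV followed by 16-byte CBC ciphertext blocks.
iv = auth[:16]
block1 = auth[16:32]
block2 = auth[32:48]
block3 = auth[48:64]
block4 = auth[64:80]
block5 = auth[80:]

# CBC bit flip: P[i] = D(C[i]) XOR C[i-1], so XORing a delta into ciphertext
# block 3 XORs the same delta into decrypted block 4 (and turns decrypted
# block 3 into garbage, which is assumed to fall inside the unchecked password).
# delta = known plaintext XOR wanted plaintext; this assumes plaintext block 4
# is 16 x "a" from the password -- confirm against the server's cookie format.
block3 = xor(xor(block3, "a" * 16), '","admin":true,"')
new_auth = iv + block1 + block2 + block3 + block4 + block5
print(len(new_auth))
print(urllib.quote(new_auth))

# Replay the forged cookie. If the cookie carries no MAC the server has no way
# to detect the modification and decrypts the altered block as-is.
res = requests.get(url, cookies={"auth": urllib.quote(new_auth)})
print(res.text)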