Last active
August 29, 2015 14:10
9447 CTF - nosql solver
#!/usr/bin/python2 | |
import os
import socket
import struct
import sys

from Crypto.Cipher import AES
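class EncryptedStream(object):
    """Length-prefixed socket client used by the 9447 CTF "nosql" solver.

    Each outgoing message is framed as a 4-byte little-endian length
    followed by the ciphertext bytes.

    Security note: the cipher is AES in ECB mode, which encrypts every
    16-byte block independently and carries no integrity tag. A peer that
    accepts such traffic cannot tell whether blocks were reordered or
    replayed from an earlier capture, which is what ``send`` relies on.
    The protocol-side fix is authenticated encryption (an AEAD mode with a
    fresh nonce per message) so that any rearranged ciphertext is rejected.
    """

    # 16-byte AES key: the first 16 characters of the literal below.
    key = 'this is not the flag nor the key'[:16]

    def __init__(self, host, port):
        """Open a TCP connection to ``(host, port)``."""
        self.sock = socket.socket()
        self.sock.connect((host, port))

    def send(self, msg):
        """Print the ECB encryption of ``msg``, then send spliced dump blocks.

        ``msg`` is NUL-padded to a multiple of 16 bytes and encrypted only
        so that its ciphertext and length can be printed for inspection.
        What actually goes on the wire is rebuilt from ``nosql.dump``
        (presumably a previously captured ciphertext -- confirm): block 25,
        the tail from block 26 onward, block 4, and the same tail again.
        """
        while len(msg) % 16:
            msg += '\0'
        # ECB has no IV; PyCrypto documents the third argument as ignored
        # in this mode. NOTE(review): newer AES libraries may reject it.
        iv = os.urandom(16)
        aes = AES.new(self.key, AES.MODE_ECB, iv)
        enc = aes.encrypt(msg)
        print(repr(enc))
        print(len(enc))

        # Ciphertext is binary: read it in "rb" mode and close the handle
        # promptly instead of leaking it.
        with open("nosql.dump", "rb") as dump:
            captured = dump.read()
        tail = captured[16 * 26:]
        enc = (captured[16 * 25:16 * 26] + tail
               + captured[16 * 4:16 * 5] + tail)

        # sendall() retries until every byte is written; a bare send() may
        # write only part of the frame and desynchronise the length prefix.
        self.sock.sendall(struct.pack('<I', len(enc)))
        self.sock.sendall(enc)

    def recv(self, nbytes):
        """Return up to ``nbytes`` bytes read from the socket."""
        return self.sock.recv(nbytes)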
# Plaintext command script for the service; it is passed to
# EncryptedStream.send() and also dumped below in 16-byte pieces.
client = '''\
HELLO
SHOW VERSION
SET example This tiny script is basically a RedisStore...
GET example
SHOW KEYS
SET brucefact#1 Bruce Schneier can break elliptic curve cryptography by bending it into a circle
SET brucefact#2 Bruce Schneier always cooks his eggs scrambled. When he wants hardboiled eggs, he unscrambles them
SET brucefact#3 Bruce Schneier could solve this by inverting md5 hash of the flag
ENCRYPTION HEX
MD5 flag
'''

# Show how the plaintext falls into 16-byte AES blocks, one repr per block.
block_count = len(client) // 16 + 1
for start in range(0, block_count * 16, 16):
    print(repr(client[start:start + 16]))

# Host and port come from the command line.
stream = EncryptedStream(sys.argv[1], int(sys.argv[2]))
stream.send(client)

# Relay everything the server sends until it closes the connection.
while True:
    chunk = stream.recv(1000)
    if not chunk:
        break
    sys.stdout.write(chunk)